Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-3094
Vulnerability from cvelistv5
Published
2009-09-08 18:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
2.72%
(0.85117)
Summary
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:14:56.349Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SA:2009:050", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { name: "oval:org.mitre.oval:def:10981", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981", }, { name: "ADV-2010-0609", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/0609", }, { name: "HPSBUX02531", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { name: "SSRT090244", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "HPSBOV02506", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "37152", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37152", }, { name: "DSA-1934", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2009/dsa-1934", }, { name: "PK96858", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858", }, { name: "20091124 rPSA-2009-0155-1 httpd mod_ssl", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.intevydis.com/blog/?p=59", }, { name: "SSRT100782", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "oval:org.mitre.oval:def:8087", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087", }, { name: "HPSBMU02753", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "FEDORA-2009-12604", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", }, { name: "PM09161", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", }, { name: "SSRT100108", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { name: "FEDORA-2009-12606", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://intevydis.com/vd-list.shtml", }, { name: "36549", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36549", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-09-02T00:00:00", descriptions: [ { lang: "en", value: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-06T10:10:34", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SA:2009:050", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { name: "oval:org.mitre.oval:def:10981", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981", }, { name: "ADV-2010-0609", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/0609", }, { name: "HPSBUX02531", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { name: "SSRT090244", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "HPSBOV02506", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "37152", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37152", }, { name: "DSA-1934", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2009/dsa-1934", }, { name: "PK96858", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858", }, { name: "20091124 rPSA-2009-0155-1 httpd mod_ssl", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://www.intevydis.com/blog/?p=59", }, { name: "SSRT100782", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "oval:org.mitre.oval:def:8087", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087", }, { name: "HPSBMU02753", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "FEDORA-2009-12604", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", }, { name: "PM09161", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", }, { name: "SSRT100108", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { name: "FEDORA-2009-12606", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", }, { tags: [ "x_refsource_MISC", ], url: "http://intevydis.com/vd-list.shtml", }, { name: "36549", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36549", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3094", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SA:2009:050", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { name: "oval:org.mitre.oval:def:10981", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981", }, { name: "ADV-2010-0609", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0609", }, { name: "HPSBUX02531", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { name: "SSRT090244", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "HPSBOV02506", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "37152", refsource: "SECUNIA", url: "http://secunia.com/advisories/37152", }, { name: "DSA-1934", refsource: "DEBIAN", url: "http://www.debian.org/security/2009/dsa-1934", }, { name: "PK96858", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858", }, { name: "20091124 rPSA-2009-0155-1 httpd mod_ssl", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { name: "http://www.intevydis.com/blog/?p=59", refsource: "MISC", url: "http://www.intevydis.com/blog/?p=59", }, { name: "SSRT100782", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "oval:org.mitre.oval:def:8087", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087", }, { name: "HPSBMU02753", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "FEDORA-2009-12604", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", }, { name: "PM09161", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161", }, { name: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", refsource: "CONFIRM", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", }, { name: "SSRT100108", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { name: "FEDORA-2009-12606", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", }, { name: "http://intevydis.com/vd-list.shtml", refsource: "MISC", url: "http://intevydis.com/vd-list.shtml", }, { name: "36549", refsource: "SECUNIA", url: "http://secunia.com/advisories/36549", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-3094", datePublished: "2009-09-08T18:00:00", dateReserved: "2009-09-08T00:00:00", dateUpdated: "2024-08-07T06:14:56.349Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2009-3094\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-09-08T18:30:00.657\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.\"},{\"lang\":\"es\",\"value\":\"La función ap_proxy_ftp_handler en modules/proxy/proxy_ftp.c en el módulo mod_proxy_ftp en Apache HTTP Server v2.0.63 y v2.2.13, permite a servidores FTP remotos provocar una denegación de servicio (referencia a puntero NULL o caída de proceso hijo) a través de una respuesta mal formada al comando EPSV.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.35\",\"versionEndExcluding\":\"2.0.64\",\"matchCriteriaId\":\"838655CB-43E7-4BDA-A80C-2314C9870717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.14\",\"matchCriteriaId\":\"2979A101-9EC8-4E80-BFFC-7300F94C8453\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7000D33B-F3C7-43E8-8FC7-9B97AADC3E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44669D7-6C1E-4844-B78A-73E253A7CC17\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"}]}]}],\"references\":[{\"url\":\"http://intevydis.com/vd-list.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=126998684522511&w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=126998684522511&w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=127557640302499&w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=127557640302499&w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=133355494609819&w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=133355494609819&w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/36549\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37152\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2009-0155\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1934\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.intevydis.com/blog/?p=59\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/508075/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0609\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=521619\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://intevydis.com/vd-list.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=126998684522511&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=126998684522511&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=127557640302499&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=127557640302499&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=133355494609819&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=133355494609819&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/36549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37152\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2009-0155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.intevydis.com/blog/?p=59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/508075/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=521619\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"List of the errata fixing this flaw in affected products can be found at:\\nhttps://www.redhat.com/security/data/cve/CVE-2009-3094.html\",\"lastModified\":\"2009-11-12T00:00:00\"}]}}", }, }
rhsa-2009:1461
Vulnerability from csaf_redhat
Published
2009-09-23 21:38
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: Red Hat Application Stack v2.4 security and enhancement update
Notes
Topic
Red Hat Application Stack v2.4 is now available. This update fixes several
security issues and adds various enhancements.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Red Hat Application Stack v2.4 is an integrated open source application
stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise
Application Platform (EAP). JBoss EAP is provided through the JBoss EAP
channels on the Red Hat Network.
PostgreSQL was updated to version 8.2.14, fixing the following security
issues:
A flaw was found in the way PostgreSQL handles LDAP-based authentication.
If PostgreSQL was configured to use LDAP authentication and the LDAP server
was configured to allow anonymous binds, anyone able to connect to a given
database could use this flaw to log in as any database user, including a
PostgreSQL superuser, without supplying a password. (CVE-2009-3231)
It was discovered that the upstream patch for CVE-2007-6600 included in the
Red Hat Security Advisory RHSA-2008:0040 did not include protection against
misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An
authenticated user could use this flaw to install malicious code that would
later execute with superuser privileges. (CVE-2009-3230)
A flaw was found in the way PostgreSQL handles external plug-ins. This flaw
could allow remote, authenticated users without superuser privileges to
crash the back-end server by using the LOAD command on libraries in
"/var/lib/pgsql/plugins/" that have already been loaded, causing a
temporary denial of service during crash recovery. (CVE-2009-3229)
MySQL was updated to version 5.0.84, fixing the following security issues:
An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)
Multiple format string flaws were found in the way the MySQL server logs
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specifically-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)
Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
"--log" command line option or the "log" option in "/etc/my.cnf") must be
enabled. This logging is not enabled by default.
PHP was updated to version 5.2.10, fixing the following security issue:
An insufficient input validation flaw was discovered in the PHP
exif_read_data() function, used to read Exchangeable image file format
(Exif) metadata from images. An attacker could create a specially-crafted
image that could cause the PHP interpreter to crash or disclose portions of
its memory while reading the Exif metadata from the image. (CVE-2009-2687)
Apache httpd has been updated with backported patches to correct the
following security issues:
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
Also, the following packages have been updated:
* postgresql-jdbc to 8.2.510
* php-pear to 1.8.1
* perl-DBI to 1.609
* perl-DBD-MySQL to 4.012
All users should upgrade to these updated packages, which resolve these
issues. Users must restart the individual services, including postgresql,
mysqld, and httpd, for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Application Stack v2.4 is now available. This update fixes several\nsecurity issues and adds various enhancements.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Red Hat Application Stack v2.4 is an integrated open source application\nstack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise\nApplication Platform (EAP). JBoss EAP is provided through the JBoss EAP\nchannels on the Red Hat Network.\n\nPostgreSQL was updated to version 8.2.14, fixing the following security\nissues:\n\nA flaw was found in the way PostgreSQL handles LDAP-based authentication.\nIf PostgreSQL was configured to use LDAP authentication and the LDAP server\nwas configured to allow anonymous binds, anyone able to connect to a given\ndatabase could use this flaw to log in as any database user, including a\nPostgreSQL superuser, without supplying a password. (CVE-2009-3231)\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0040 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handles external plug-ins. This flaw\ncould allow remote, authenticated users without superuser privileges to\ncrash the back-end server by using the LOAD command on libraries in\n\"/var/lib/pgsql/plugins/\" that have already been loaded, causing a\ntemporary denial of service during crash recovery. (CVE-2009-3229)\n\nMySQL was updated to version 5.0.84, fixing the following security issues:\n\nAn insufficient HTML entities quoting flaw was found in the mysql command\nline client's HTML output mode. If an attacker was able to inject arbitrary\nHTML tags into data stored in a MySQL database, which was later retrieved\nusing the mysql command line client and its HTML output mode, they could\nperform a cross-site scripting (XSS) attack against victims viewing the\nHTML output in a web browser. (CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server logs\nuser commands when creating and deleting databases. A remote, authenticated\nattacker with permissions to CREATE and DROP databases could use these\nflaws to formulate a specifically-crafted SQL command that would cause a\ntemporary denial of service (open connections to mysqld are terminated).\n(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld\n\"--log\" command line option or the \"log\" option in \"/etc/my.cnf\") must be\nenabled. This logging is not enabled by default.\n\nPHP was updated to version 5.2.10, fixing the following security issue:\n\nAn insufficient input validation flaw was discovered in the PHP\nexif_read_data() function, used to read Exchangeable image file format\n(Exif) metadata from images. An attacker could create a specially-crafted\nimage that could cause the PHP interpreter to crash or disclose portions of\nits memory while reading the Exif metadata from the image. (CVE-2009-2687)\n\nApache httpd has been updated with backported patches to correct the\nfollowing security issues:\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAlso, the following packages have been updated:\n\n* postgresql-jdbc to 8.2.510\n* php-pear to 1.8.1\n* perl-DBI to 1.609\n* perl-DBD-MySQL to 4.012\n\nAll users should upgrade to these updated packages, which resolve these\nissues. Users must restart the individual services, including postgresql,\nmysqld, and httpd, for this update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1461", url: "https://access.redhat.com/errata/RHSA-2009:1461", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#important", url: "http://www.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "466518", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466518", }, { category: "external", summary: "506896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=506896", }, { category: "external", summary: "511020", url: "https://bugzilla.redhat.com/show_bug.cgi?id=511020", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522084", }, { category: "external", summary: "522085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522085", }, { category: "external", summary: "522092", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522092", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1461.json", }, ], title: "Red Hat Security Advisory: Red Hat Application Stack v2.4 security and enhancement update", tracking: { current_release_date: "2024-11-22T03:25:58+00:00", generator: { date: "2024-11-22T03:25:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1461", initial_release_date: "2009-09-23T21:38:00+00:00", revision_history: [ { date: "2009-09-23T21:38:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-09-23T17:38:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Application Stack v2 for Enterprise Linux (v.5)", product: { name: "Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_stack:2", }, }, }, ], category: "product_family", name: "Red Hat Application Stack", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=src", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.src", product: { name: "php-0:5.2.10-1.el5s2.src", product_id: "php-0:5.2.10-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "php-pear-1:1.8.1-2.el5s2.src", product: { name: "php-pear-1:1.8.1-2.el5s2.src", product_id: "php-pear-1:1.8.1-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/php-pear@1.8.1-2.el5s2?arch=src&epoch=1", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.src", product: { name: "perl-DBI-0:1.609-1.el5s2.src", product_id: "perl-DBI-0:1.609-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.src", product: { name: "mysql-0:5.0.84-2.el5s2.src", product_id: "mysql-0:5.0.84-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=src", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.src", product: { name: "postgresql-0:8.2.14-1.el5s2.src", product_id: "postgresql-0:8.2.14-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.src", product: { name: "httpd-0:2.2.13-2.el5s2.src", product_id: "httpd-0:2.2.13-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product_id: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc-debuginfo@8.2.510-1jpp.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-dba-0:5.2.10-1.el5s2.x86_64", product: { name: "php-dba-0:5.2.10-1.el5s2.x86_64", product_id: "php-dba-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-dba@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-gd-0:5.2.10-1.el5s2.x86_64", product: { name: "php-gd-0:5.2.10-1.el5s2.x86_64", product_id: "php-gd-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-gd@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.x86_64", product: { name: "php-0:5.2.10-1.el5s2.x86_64", product_id: "php-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product: { name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product_id: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-xmlrpc@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product: { name: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product_id: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product: { name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product_id: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-xml-0:5.2.10-1.el5s2.x86_64", product: { name: "php-xml-0:5.2.10-1.el5s2.x86_64", product_id: "php-xml-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-xml@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product: { name: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product_id: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-ncurses@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-odbc-0:5.2.10-1.el5s2.x86_64", product: { name: "php-odbc-0:5.2.10-1.el5s2.x86_64", product_id: "php-odbc-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-odbc@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-mysql-0:5.2.10-1.el5s2.x86_64", product: { name: "php-mysql-0:5.2.10-1.el5s2.x86_64", product_id: "php-mysql-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mysql@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-snmp-0:5.2.10-1.el5s2.x86_64", product: { name: "php-snmp-0:5.2.10-1.el5s2.x86_64", product_id: "php-snmp-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-snmp@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product: { name: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product_id: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product: { name: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product_id: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-pgsql@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-cli-0:5.2.10-1.el5s2.x86_64", product: { name: "php-cli-0:5.2.10-1.el5s2.x86_64", product_id: "php-cli-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-cli@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-devel-0:5.2.10-1.el5s2.x86_64", product: { name: "php-devel-0:5.2.10-1.el5s2.x86_64", product_id: "php-devel-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-soap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-soap-0:5.2.10-1.el5s2.x86_64", product_id: "php-soap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-soap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-ldap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-ldap-0:5.2.10-1.el5s2.x86_64", product_id: "php-ldap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-ldap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-common-0:5.2.10-1.el5s2.x86_64", product: { name: "php-common-0:5.2.10-1.el5s2.x86_64", product_id: "php-common-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-common@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-pdo-0:5.2.10-1.el5s2.x86_64", product: { name: "php-pdo-0:5.2.10-1.el5s2.x86_64", product_id: "php-pdo-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-pdo@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-imap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-imap-0:5.2.10-1.el5s2.x86_64", product_id: "php-imap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product_id: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI-debuginfo@1.609-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.x86_64", product: { name: "perl-DBI-0:1.609-1.el5s2.x86_64", product_id: "perl-DBI-0:1.609-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product_id: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL-debuginfo@4.012-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-test-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-test-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-test-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-test@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-libs@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-devel@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-bench@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-cluster@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-server-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-server-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-server-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-server@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-debuginfo@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-tcl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-devel@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-server@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-python@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plperl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-contrib@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-debuginfo@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-pltcl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-libs@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-test@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plpython@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-docs@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product: { name: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product_id: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.13-2.el5s2?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product_id: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc-debuginfo@8.2.510-1jpp.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-dba-0:5.2.10-1.el5s2.i386", product: { name: "php-dba-0:5.2.10-1.el5s2.i386", product_id: "php-dba-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-dba@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-gd-0:5.2.10-1.el5s2.i386", product: { name: "php-gd-0:5.2.10-1.el5s2.i386", product_id: "php-gd-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-gd@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.i386", product: { name: "php-0:5.2.10-1.el5s2.i386", product_id: "php-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product: { name: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product_id: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-xmlrpc@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-mbstring-0:5.2.10-1.el5s2.i386", product: { name: "php-mbstring-0:5.2.10-1.el5s2.i386", product_id: "php-mbstring-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.2.10-1.el5s2.i386", product: { name: "php-debuginfo-0:5.2.10-1.el5s2.i386", product_id: "php-debuginfo-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-xml-0:5.2.10-1.el5s2.i386", product: { name: "php-xml-0:5.2.10-1.el5s2.i386", product_id: "php-xml-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-xml@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-ncurses-0:5.2.10-1.el5s2.i386", product: { name: "php-ncurses-0:5.2.10-1.el5s2.i386", product_id: "php-ncurses-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-ncurses@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-odbc-0:5.2.10-1.el5s2.i386", product: { name: "php-odbc-0:5.2.10-1.el5s2.i386", product_id: "php-odbc-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-odbc@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-mysql-0:5.2.10-1.el5s2.i386", product: { name: "php-mysql-0:5.2.10-1.el5s2.i386", product_id: "php-mysql-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-mysql@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-snmp-0:5.2.10-1.el5s2.i386", product: { name: "php-snmp-0:5.2.10-1.el5s2.i386", product_id: "php-snmp-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-snmp@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-bcmath-0:5.2.10-1.el5s2.i386", product: { name: "php-bcmath-0:5.2.10-1.el5s2.i386", product_id: "php-bcmath-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-pgsql-0:5.2.10-1.el5s2.i386", product: { name: "php-pgsql-0:5.2.10-1.el5s2.i386", product_id: "php-pgsql-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-pgsql@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-cli-0:5.2.10-1.el5s2.i386", product: { name: "php-cli-0:5.2.10-1.el5s2.i386", product_id: "php-cli-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-cli@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-devel-0:5.2.10-1.el5s2.i386", product: { name: "php-devel-0:5.2.10-1.el5s2.i386", product_id: "php-devel-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-soap-0:5.2.10-1.el5s2.i386", product: { name: "php-soap-0:5.2.10-1.el5s2.i386", product_id: "php-soap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-soap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-ldap-0:5.2.10-1.el5s2.i386", product: { name: "php-ldap-0:5.2.10-1.el5s2.i386", product_id: "php-ldap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-ldap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-common-0:5.2.10-1.el5s2.i386", product: { name: "php-common-0:5.2.10-1.el5s2.i386", product_id: "php-common-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-common@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-pdo-0:5.2.10-1.el5s2.i386", product: { name: "php-pdo-0:5.2.10-1.el5s2.i386", product_id: "php-pdo-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-pdo@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-imap-0:5.2.10-1.el5s2.i386", product: { name: "php-imap-0:5.2.10-1.el5s2.i386", product_id: "php-imap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product_id: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI-debuginfo@1.609-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.i386", product: { name: "perl-DBI-0:1.609-1.el5s2.i386", product_id: "perl-DBI-0:1.609-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product_id: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL-debuginfo@4.012-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-test-0:5.0.84-2.el5s2.i386", product: { name: "mysql-test-0:5.0.84-2.el5s2.i386", product_id: "mysql-test-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-test@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-libs-0:5.0.84-2.el5s2.i386", product: { name: "mysql-libs-0:5.0.84-2.el5s2.i386", product_id: "mysql-libs-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-libs@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-devel-0:5.0.84-2.el5s2.i386", product: { name: "mysql-devel-0:5.0.84-2.el5s2.i386", product_id: "mysql-devel-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-devel@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-bench-0:5.0.84-2.el5s2.i386", product: { name: "mysql-bench-0:5.0.84-2.el5s2.i386", product_id: "mysql-bench-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-bench@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-cluster-0:5.0.84-2.el5s2.i386", product: { name: "mysql-cluster-0:5.0.84-2.el5s2.i386", product_id: "mysql-cluster-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-cluster@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-server-0:5.0.84-2.el5s2.i386", product: { name: "mysql-server-0:5.0.84-2.el5s2.i386", product_id: "mysql-server-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-server@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.i386", product: { name: "mysql-0:5.0.84-2.el5s2.i386", product_id: "mysql-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product_id: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-debuginfo@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-tcl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-devel-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-devel-0:8.2.14-1.el5s2.i386", product_id: "postgresql-devel-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-devel@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-server-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-server-0:8.2.14-1.el5s2.i386", product_id: "postgresql-server-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-server@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-python-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-python-0:8.2.14-1.el5s2.i386", product_id: "postgresql-python-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-python@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plperl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product_id: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-contrib@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-0:8.2.14-1.el5s2.i386", product_id: "postgresql-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product_id: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-debuginfo@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-pltcl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-libs-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-libs-0:8.2.14-1.el5s2.i386", product_id: "postgresql-libs-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-libs@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-test-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-test-0:8.2.14-1.el5s2.i386", product_id: "postgresql-test-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-test@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product_id: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plpython@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-docs-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-docs-0:8.2.14-1.el5s2.i386", product_id: "postgresql-docs-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-docs@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.13-2.el5s2.i386", product: { name: "httpd-manual-0:2.2.13-2.el5s2.i386", product_id: "httpd-manual-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.13-2.el5s2.i386", product: { name: "httpd-devel-0:2.2.13-2.el5s2.i386", product_id: "httpd-devel-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product_id: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.i386", product: { name: "httpd-0:2.2.13-2.el5s2.i386", product_id: "httpd-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.13-2.el5s2.i386", product: { name: "mod_ssl-1:2.2.13-2.el5s2.i386", product_id: "mod_ssl-1:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.13-2.el5s2?arch=i386&epoch=1", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "php-pear-1:1.8.1-2.el5s2.noarch", product: { name: "php-pear-1:1.8.1-2.el5s2.noarch", product_id: "php-pear-1:1.8.1-2.el5s2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/php-pear@1.8.1-2.el5s2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", }, product_reference: "httpd-0:2.2.13-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-devel-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-devel-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-manual-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-manual-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", }, product_reference: "mod_ssl-1:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", }, product_reference: "mod_ssl-1:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", }, product_reference: "mysql-0:5.0.84-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-bench-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-bench-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-bench-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-bench-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-cluster-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-cluster-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-devel-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-devel-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-devel-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-devel-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-libs-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-libs-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-libs-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-libs-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-server-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-server-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-server-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-server-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-test-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-test-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-test-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-test-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", }, product_reference: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", }, product_reference: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", }, product_reference: "perl-DBI-0:1.609-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", }, product_reference: "perl-DBI-0:1.609-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", }, product_reference: "perl-DBI-0:1.609-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", }, product_reference: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", }, product_reference: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", }, product_reference: "php-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.src", }, product_reference: "php-0:5.2.10-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", }, product_reference: "php-bcmath-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-bcmath-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-cli-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", }, product_reference: "php-cli-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-cli-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-cli-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-common-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", }, product_reference: "php-common-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-common-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-common-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-dba-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", }, product_reference: "php-dba-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-dba-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-dba-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", }, product_reference: "php-debuginfo-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", }, product_reference: "php-devel-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-devel-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-gd-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", }, product_reference: "php-gd-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-gd-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-gd-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-imap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-imap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ldap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-ldap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ldap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-ldap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", }, product_reference: "php-mbstring-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-mbstring-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mysql-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", }, product_reference: "php-mysql-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mysql-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-mysql-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ncurses-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", }, product_reference: "php-ncurses-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ncurses-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-ncurses-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-odbc-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", }, product_reference: "php-odbc-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-odbc-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-odbc-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pdo-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", }, product_reference: "php-pdo-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pdo-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-pdo-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pear-1:1.8.1-2.el5s2.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", }, product_reference: "php-pear-1:1.8.1-2.el5s2.noarch", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pear-1:1.8.1-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", }, product_reference: "php-pear-1:1.8.1-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pgsql-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", }, product_reference: "php-pgsql-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pgsql-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-pgsql-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-snmp-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", }, product_reference: "php-snmp-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-snmp-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-snmp-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-soap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-soap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-soap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-soap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xml-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", }, product_reference: "php-xml-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xml-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-xml-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xmlrpc-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", }, product_reference: "php-xmlrpc-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", }, product_reference: "postgresql-0:8.2.14-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-contrib-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-contrib-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-devel-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-devel-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-docs-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-docs-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", }, product_reference: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", }, product_reference: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-libs-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-libs-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plperl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-plperl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plpython-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-plpython-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-python-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-python-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-python-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-python-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-server-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-server-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-server-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-server-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-tcl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-tcl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-test-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-test-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-test-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-test-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, ], }, vulnerabilities: [ { cve: "CVE-2008-4456", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "466518", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.", title: "Vulnerability description", }, { category: "summary", text: "mysql: mysql command line client XSS flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-4456", }, { category: "external", summary: "RHBZ#466518", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466518", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-4456", url: "https://www.cve.org/CVERecord?id=CVE-2008-4456", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-4456", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-4456", }, ], release_date: "2008-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 1.7, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql: mysql command line client XSS flaw", }, { cve: "CVE-2009-2446", discovery_date: "2009-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "511020", }, ], notes: [ { category: "description", text: "Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "MySQL: Format string vulnerability by manipulation with database instances (crash)", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2446\n\nThe Red Hat Product Security has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3 and Red Hat Application Stack 2.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2446", }, { category: "external", summary: "RHBZ#511020", url: "https://bugzilla.redhat.com/show_bug.cgi?id=511020", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2446", url: "https://www.cve.org/CVERecord?id=CVE-2009-2446", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2446", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2446", }, ], release_date: "2009-07-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "MySQL: Format string vulnerability by manipulation with database instances (crash)", }, { cve: "CVE-2009-2687", discovery_date: "2009-06-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "506896", }, ], notes: [ { category: "description", text: "The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.", title: "Vulnerability description", }, { category: "summary", text: "php: exif_read_data crash on corrupted JPEG files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2687", }, { category: "external", summary: "RHBZ#506896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=506896", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2687", url: "https://www.cve.org/CVERecord?id=CVE-2009-2687", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2687", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2687", }, ], release_date: "2009-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "php: exif_read_data crash on corrupted JPEG files", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3229", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522092", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by \"re-LOAD-ing\" libraries from a certain plugins directory.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: authenticated user server DoS via plugin re-LOAD-ing", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5.\n\nIn PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash. However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3229", }, { category: "external", summary: "RHBZ#522092", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522092", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3229", url: "https://www.cve.org/CVERecord?id=CVE-2009-3229", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3229", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3229", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "postgresql: authenticated user server DoS via plugin re-LOAD-ing", }, { cve: "CVE-2009-3230", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522085", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3230", }, { category: "external", summary: "RHBZ#522085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3230", url: "https://www.cve.org/CVERecord?id=CVE-2009-3230", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3230", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3230", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600", }, { cve: "CVE-2009-3231", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522084", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not support LDAP authentication, which was introduced upstream in version 8.2.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3231", }, { category: "external", summary: "RHBZ#522084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3231", url: "https://www.cve.org/CVERecord?id=CVE-2009-3231", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3231", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3231", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed", }, ], }
RHSA-2010:0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0602", url: "https://access.redhat.com/errata/RHSA-2010:0602", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#moderate", url: "http://www.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", url: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", }, { category: "external", summary: "200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json", }, ], title: "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update", tracking: { current_release_date: "2024-12-15T18:14:44+00:00", generator: { date: "2024-12-15T18:14:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2010:0602", initial_release_date: "2010-08-04T21:30:00+00:00", revision_history: [ { date: "2010-08-04T21:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-08-05T10:04:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-15T18:14:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Certificate System 7.3 for 4AS", product: { name: "Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, { category: "product_name", name: "Red Hat Certificate System 7.3 for 4ES", product: { name: "Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, ], category: "product_family", name: "Red Hat Certificate System", }, { branches: [ { category: "product_version", name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.noarch", product: { name: "ant-0:1.6.5-1jpp_1rh.noarch", product_id: "ant-0:1.6.5-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_id: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.noarch", product: { name: "axis-0:1.2.1-1jpp_3rh.noarch", product_id: "axis-0:1.2.1-1jpp_3rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.noarch", product: { name: "log4j-0:1.2.12-1jpp_1rh.noarch", product_id: "log4j-0:1.2.12-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_id: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-manage-0:7.3.0-19.el4.noarch", product: { name: "rhpki-manage-0:7.3.0-19.el4.noarch", product_id: "rhpki-manage-0:7.3.0-19.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ca-0:7.3.0-20.el4.noarch", product: { name: "rhpki-ca-0:7.3.0-20.el4.noarch", product_id: "rhpki-ca-0:7.3.0-20.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-kra-0:7.3.0-14.el4.noarch", product: { name: "rhpki-kra-0:7.3.0-14.el4.noarch", product_id: "rhpki-kra-0:7.3.0-14.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-tks-0:7.3.0-13.el4.noarch", product: { name: "rhpki-tks-0:7.3.0-13.el4.noarch", product_id: "rhpki-tks-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_id: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_id: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.src", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.src", product_id: "xml-commons-0:1.3.02-2jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.src", product: { name: "ant-0:1.6.5-1jpp_1rh.src", product_id: "ant-0:1.6.5-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.src", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.src", product_id: "avalon-logkit-0:1.2-2jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.src", product: { name: "axis-0:1.2.1-1jpp_3rh.src", product_id: "axis-0:1.2.1-1jpp_3rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.src", product: { name: "log4j-0:1.2.12-1jpp_1rh.src", product_id: "log4j-0:1.2.12-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.src", product: { name: "mx4j-1:3.0.1-1jpp_4rh.src", product_id: "mx4j-1:3.0.1-1jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.src", product: { name: "pcsc-lite-0:1.3.3-3.el4.src", product_id: "pcsc-lite-0:1.3.3-3.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_id: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_id: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2090", discovery_date: "2005-06-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237079", }, ], notes: [ { category: "description", text: "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", title: "Vulnerability description", }, { category: "summary", text: "tomcat multiple content-length header poisioning", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2090", }, { category: "external", summary: "RHBZ#237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2090", url: "https://www.cve.org/CVERecord?id=CVE-2005-2090", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", }, ], release_date: "2005-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat multiple content-length header poisioning", }, { cve: "CVE-2005-3510", discovery_date: "2005-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237085", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", title: "Vulnerability description", }, { category: "summary", text: "tomcat DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-3510", }, { category: "external", summary: "RHBZ#237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-3510", url: "https://www.cve.org/CVERecord?id=CVE-2005-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", }, ], release_date: "2005-11-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat DoS", }, { cve: "CVE-2006-3835", discovery_date: "2006-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237084", }, ], notes: [ { category: "description", text: "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory listing issue", title: "Vulnerability summary", }, { category: "other", text: "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3835", }, { category: "external", summary: "RHBZ#237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3835", url: "https://www.cve.org/CVERecord?id=CVE-2006-3835", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", }, ], release_date: "2006-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat directory listing issue", }, { cve: "CVE-2006-3918", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-07-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "200732", }, ], notes: [ { category: "description", text: "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Expect header XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3918", }, { category: "external", summary: "RHBZ#200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3918", url: "https://www.cve.org/CVERecord?id=CVE-2006-3918", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", }, ], release_date: "2006-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Expect header XSS", }, { cve: "CVE-2006-5752", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-06-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245112", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_status XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-5752", }, { category: "external", summary: "RHBZ#245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-5752", url: "https://www.cve.org/CVERecord?id=CVE-2006-5752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", }, ], release_date: "2007-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_status XSS", }, { cve: "CVE-2007-0450", discovery_date: "2007-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237080", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory traversal", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-0450", }, { category: "external", summary: "RHBZ#237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-0450", url: "https://www.cve.org/CVERecord?id=CVE-2007-0450", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", }, ], release_date: "2007-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat directory traversal", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-1863", discovery_date: "2007-05-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244658", }, ], notes: [ { category: "description", text: "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_cache segfault", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1863", }, { category: "external", summary: "RHBZ#244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1863", url: "https://www.cve.org/CVERecord?id=CVE-2007-1863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", }, ], release_date: "2007-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_cache segfault", }, { cve: "CVE-2007-3304", discovery_date: "2007-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245111", }, ], notes: [ { category: "description", text: "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", title: "Vulnerability description", }, { category: "summary", text: "httpd scoreboard lack of PID protection", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3304", }, { category: "external", summary: "RHBZ#245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3304", url: "https://www.cve.org/CVERecord?id=CVE-2007-3304", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", }, ], release_date: "2007-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd scoreboard lack of PID protection", }, { cve: "CVE-2007-3382", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247972", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookies", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3382", }, { category: "external", summary: "RHBZ#247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3382", url: "https://www.cve.org/CVERecord?id=CVE-2007-3382", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookies", }, { cve: "CVE-2007-3385", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247976", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookie values", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3385", }, { category: "external", summary: "RHBZ#247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3385", url: "https://www.cve.org/CVERecord?id=CVE-2007-3385", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookie values", }, { cve: "CVE-2007-3847", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2007-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "250731", }, ], notes: [ { category: "description", text: "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", title: "Vulnerability description", }, { category: "summary", text: "httpd: out of bounds read", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3847", }, { category: "external", summary: "RHBZ#250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3847", url: "https://www.cve.org/CVERecord?id=CVE-2007-3847", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", }, ], release_date: "2007-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: out of bounds read", }, { cve: "CVE-2007-4465", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-09-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "289511", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", title: "Vulnerability description", }, { category: "summary", text: "mod_autoindex XSS", title: "Vulnerability summary", }, { category: "other", text: "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-4465", }, { category: "external", summary: "RHBZ#289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-4465", url: "https://www.cve.org/CVERecord?id=CVE-2007-4465", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", }, ], release_date: "2007-09-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_autoindex XSS", }, { cve: "CVE-2007-5000", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "419931", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_imagemap XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5000", }, { category: "external", summary: "RHBZ#419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5000", url: "https://www.cve.org/CVERecord?id=CVE-2007-5000", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", }, ], release_date: "2007-12-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_imagemap XSS", }, { acknowledgments: [ { names: [ "Tavis Ormandy", "Will Drewry", ], }, ], cve: "CVE-2007-5116", discovery_date: "2007-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "323571", }, ], notes: [ { category: "description", text: "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", title: "Vulnerability description", }, { category: "summary", text: "perl regular expression UTF parsing errors", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5116", }, { category: "external", summary: "RHBZ#323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5116", url: "https://www.cve.org/CVERecord?id=CVE-2007-5116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", }, ], release_date: "2007-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl regular expression UTF parsing errors", }, { cve: "CVE-2007-5333", discovery_date: "2008-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427766", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", title: "Vulnerability description", }, { category: "summary", text: "Improve cookie parsing for tomcat5", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5333", }, { category: "external", summary: "RHBZ#427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5333", url: "https://www.cve.org/CVERecord?id=CVE-2007-5333", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", }, ], release_date: "2008-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Improve cookie parsing for tomcat5", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6388", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427228", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "apache mod_status cross-site scripting", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6388", }, { category: "external", summary: "RHBZ#427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6388", url: "https://www.cve.org/CVERecord?id=CVE-2007-6388", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", }, ], release_date: "2007-12-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache mod_status cross-site scripting", }, { cve: "CVE-2008-0005", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427739", }, ], notes: [ { category: "description", text: "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", title: "Vulnerability description", }, { category: "summary", text: "mod_proxy_ftp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0005", }, { category: "external", summary: "RHBZ#427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0005", url: "https://www.cve.org/CVERecord?id=CVE-2008-0005", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", }, ], release_date: "2008-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_proxy_ftp XSS", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1927", discovery_date: "2008-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "443928", }, ], notes: [ { category: "description", text: "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.", title: "Vulnerability description", }, { category: "summary", text: "perl: heap corruption by regular expressions with utf8 characters", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1927", }, { category: "external", summary: "RHBZ#443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1927", url: "https://www.cve.org/CVERecord?id=CVE-2008-1927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", }, ], release_date: "2007-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl: heap corruption by regular expressions with utf8 characters", }, { cve: "CVE-2008-2364", discovery_date: "2008-05-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "451615", }, ], notes: [ { category: "description", text: "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2364", }, { category: "external", summary: "RHBZ#451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2364", url: "https://www.cve.org/CVERecord?id=CVE-2008-2364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", }, ], release_date: "2008-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2939", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "458250", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp globbing XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2939", }, { category: "external", summary: "RHBZ#458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2939", url: "https://www.cve.org/CVERecord?id=CVE-2008-2939", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", }, ], release_date: "2008-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp globbing XSS", }, { cve: "CVE-2008-5515", discovery_date: "2009-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504753", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", title: "Vulnerability description", }, { category: "summary", text: "tomcat request dispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-5515", }, { category: "external", summary: "RHBZ#504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-5515", url: "https://www.cve.org/CVERecord?id=CVE-2008-5515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", }, ], release_date: "2009-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat request dispatcher information disclosure vulnerability", }, { cve: "CVE-2009-0023", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503928", }, ], notes: [ { category: "description", text: "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", title: "Vulnerability description", }, { category: "summary", text: "apr-util heap buffer underwrite", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0023", }, { category: "external", summary: "RHBZ#503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0023", url: "https://www.cve.org/CVERecord?id=CVE-2009-0023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util heap buffer underwrite", }, { cve: "CVE-2009-0033", discovery_date: "2009-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "493381", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Denial-Of-Service with AJP connection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0033", }, { category: "external", summary: "RHBZ#493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0033", url: "https://www.cve.org/CVERecord?id=CVE-2009-0033", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat6 Denial-Of-Service with AJP connection", }, { cve: "CVE-2009-0580", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503978", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Information disclosure in authentication classes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0580", }, { category: "external", summary: "RHBZ#503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0580", url: "https://www.cve.org/CVERecord?id=CVE-2009-0580", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat6 Information disclosure in authentication classes", }, { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-1955", discovery_date: "2009-06-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504555", }, ], notes: [ { category: "description", text: "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", title: "Vulnerability description", }, { category: "summary", text: "apr-util billion laughs attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1955", }, { category: "external", summary: "RHBZ#504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1955", url: "https://www.cve.org/CVERecord?id=CVE-2009-1955", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", }, ], release_date: "2009-06-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util billion laughs attack", }, { cve: "CVE-2009-1956", discovery_date: "2009-06-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504390", }, ], notes: [ { category: "description", text: "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", title: "Vulnerability description", }, { category: "summary", text: "apr-util single NULL byte buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1956", }, { category: "external", summary: "RHBZ#504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1956", url: "https://www.cve.org/CVERecord?id=CVE-2009-1956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", }, ], release_date: "2009-04-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util single NULL byte buffer overflow", }, { cve: "CVE-2009-2412", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2009-07-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "515698", }, ], notes: [ { category: "description", text: "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2412", }, { category: "external", summary: "RHBZ#515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2412", url: "https://www.cve.org/CVERecord?id=CVE-2009-2412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", }, ], release_date: "2009-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-4901", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-4901", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-4901", url: "https://www.cve.org/CVERecord?id=CVE-2009-4901", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0407", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0407", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0407", url: "https://www.cve.org/CVERecord?id=CVE-2010-0407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0434", discovery_date: "2010-03-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "570171", }, ], notes: [ { category: "description", text: "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", title: "Vulnerability description", }, { category: "summary", text: "httpd: request header information leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0434", }, { category: "external", summary: "RHBZ#570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0434", url: "https://www.cve.org/CVERecord?id=CVE-2010-0434", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", }, ], release_date: "2009-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: request header information leak", }, ], }
rhsa-2009_1580
Vulnerability from csaf_redhat
Published
2009-11-11 22:02
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed before
compression completed. This would cause mod_deflate to consume large
amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1580", url: "https://access.redhat.com/errata/RHSA-2009:1580", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1580.json", }, ], title: "Red Hat Security Advisory: httpd security update", tracking: { current_release_date: "2024-11-22T03:25:40+00:00", generator: { date: "2024-11-22T03:25:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1580", initial_release_date: "2009-11-11T22:02:00+00:00", revision_history: [ { date: "2009-11-11T22:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-11-11T17:05:07+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product_id: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64", product_id: "httpd-devel-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64", product_id: "httpd-manual-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-0:2.0.52-41.ent.6.ia64", product_id: "httpd-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.ia64", product: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64", product_id: "mod_ssl-1:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product_id: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.i386", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386", product_id: "httpd-suexec-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.i386", product: { name: "httpd-devel-0:2.0.52-41.ent.6.i386", product_id: "httpd-devel-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.i386", product: { name: "httpd-manual-0:2.0.52-41.ent.6.i386", product_id: "httpd-manual-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.i386", product: { name: "httpd-0:2.0.52-41.ent.6.i386", product_id: "httpd-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.i386", product: { name: "mod_ssl-1:2.0.52-41.ent.6.i386", product_id: "mod_ssl-1:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.src", product: { name: "httpd-0:2.0.52-41.ent.6.src", product_id: "httpd-0:2.0.52-41.ent.6.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product_id: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc", product_id: "httpd-devel-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc", product_id: "httpd-manual-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-0:2.0.52-41.ent.6.ppc", product_id: "httpd-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.ppc", product: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc", product_id: "mod_ssl-1:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product_id: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x", product_id: "httpd-devel-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x", product_id: "httpd-manual-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-0:2.0.52-41.ent.6.s390x", product_id: "httpd-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.s390x", product: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x", product_id: "mod_ssl-1:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.s390", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390", product_id: "httpd-suexec-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.s390", product: { name: "httpd-devel-0:2.0.52-41.ent.6.s390", product_id: "httpd-devel-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.s390", product: { name: "httpd-manual-0:2.0.52-41.ent.6.s390", product_id: "httpd-manual-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.s390", product: { name: "httpd-0:2.0.52-41.ent.6.s390", product_id: "httpd-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.s390", product: { name: "mod_ssl-1:2.0.52-41.ent.6.s390", product_id: "mod_ssl-1:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=s390&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
rhsa-2010_0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0602", url: "https://access.redhat.com/errata/RHSA-2010:0602", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#moderate", url: "http://www.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", url: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", }, { category: "external", summary: "200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json", }, ], title: "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update", tracking: { current_release_date: "2024-12-15T18:14:44+00:00", generator: { date: "2024-12-15T18:14:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2010:0602", initial_release_date: "2010-08-04T21:30:00+00:00", revision_history: [ { date: "2010-08-04T21:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-08-05T10:04:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-15T18:14:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Certificate System 7.3 for 4AS", product: { name: "Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, { category: "product_name", name: "Red Hat Certificate System 7.3 for 4ES", product: { name: "Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, ], category: "product_family", name: "Red Hat Certificate System", }, { branches: [ { category: "product_version", name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.noarch", product: { name: "ant-0:1.6.5-1jpp_1rh.noarch", product_id: "ant-0:1.6.5-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_id: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.noarch", product: { name: "axis-0:1.2.1-1jpp_3rh.noarch", product_id: "axis-0:1.2.1-1jpp_3rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.noarch", product: { name: "log4j-0:1.2.12-1jpp_1rh.noarch", product_id: "log4j-0:1.2.12-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_id: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-manage-0:7.3.0-19.el4.noarch", product: { name: "rhpki-manage-0:7.3.0-19.el4.noarch", product_id: "rhpki-manage-0:7.3.0-19.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ca-0:7.3.0-20.el4.noarch", product: { name: "rhpki-ca-0:7.3.0-20.el4.noarch", product_id: "rhpki-ca-0:7.3.0-20.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-kra-0:7.3.0-14.el4.noarch", product: { name: "rhpki-kra-0:7.3.0-14.el4.noarch", product_id: "rhpki-kra-0:7.3.0-14.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-tks-0:7.3.0-13.el4.noarch", product: { name: "rhpki-tks-0:7.3.0-13.el4.noarch", product_id: "rhpki-tks-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_id: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_id: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.src", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.src", product_id: "xml-commons-0:1.3.02-2jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.src", product: { name: "ant-0:1.6.5-1jpp_1rh.src", product_id: "ant-0:1.6.5-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.src", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.src", product_id: "avalon-logkit-0:1.2-2jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.src", product: { name: "axis-0:1.2.1-1jpp_3rh.src", product_id: "axis-0:1.2.1-1jpp_3rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.src", product: { name: "log4j-0:1.2.12-1jpp_1rh.src", product_id: "log4j-0:1.2.12-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.src", product: { name: "mx4j-1:3.0.1-1jpp_4rh.src", product_id: "mx4j-1:3.0.1-1jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.src", product: { name: "pcsc-lite-0:1.3.3-3.el4.src", product_id: "pcsc-lite-0:1.3.3-3.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_id: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_id: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2090", discovery_date: "2005-06-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237079", }, ], notes: [ { category: "description", text: "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", title: "Vulnerability description", }, { category: "summary", text: "tomcat multiple content-length header poisioning", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2090", }, { category: "external", summary: "RHBZ#237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2090", url: "https://www.cve.org/CVERecord?id=CVE-2005-2090", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", }, ], release_date: "2005-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat multiple content-length header poisioning", }, { cve: "CVE-2005-3510", discovery_date: "2005-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237085", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", title: "Vulnerability description", }, { category: "summary", text: "tomcat DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-3510", }, { category: "external", summary: "RHBZ#237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-3510", url: "https://www.cve.org/CVERecord?id=CVE-2005-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", }, ], release_date: "2005-11-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat DoS", }, { cve: "CVE-2006-3835", discovery_date: "2006-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237084", }, ], notes: [ { category: "description", text: "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory listing issue", title: "Vulnerability summary", }, { category: "other", text: "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3835", }, { category: "external", summary: "RHBZ#237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3835", url: "https://www.cve.org/CVERecord?id=CVE-2006-3835", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", }, ], release_date: "2006-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat directory listing issue", }, { cve: "CVE-2006-3918", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-07-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "200732", }, ], notes: [ { category: "description", text: "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Expect header XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3918", }, { category: "external", summary: "RHBZ#200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3918", url: "https://www.cve.org/CVERecord?id=CVE-2006-3918", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", }, ], release_date: "2006-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Expect header XSS", }, { cve: "CVE-2006-5752", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-06-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245112", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_status XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-5752", }, { category: "external", summary: "RHBZ#245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-5752", url: "https://www.cve.org/CVERecord?id=CVE-2006-5752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", }, ], release_date: "2007-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_status XSS", }, { cve: "CVE-2007-0450", discovery_date: "2007-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237080", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory traversal", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-0450", }, { category: "external", summary: "RHBZ#237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-0450", url: "https://www.cve.org/CVERecord?id=CVE-2007-0450", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", }, ], release_date: "2007-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat directory traversal", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-1863", discovery_date: "2007-05-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244658", }, ], notes: [ { category: "description", text: "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_cache segfault", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1863", }, { category: "external", summary: "RHBZ#244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1863", url: "https://www.cve.org/CVERecord?id=CVE-2007-1863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", }, ], release_date: "2007-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_cache segfault", }, { cve: "CVE-2007-3304", discovery_date: "2007-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245111", }, ], notes: [ { category: "description", text: "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", title: "Vulnerability description", }, { category: "summary", text: "httpd scoreboard lack of PID protection", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3304", }, { category: "external", summary: "RHBZ#245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3304", url: "https://www.cve.org/CVERecord?id=CVE-2007-3304", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", }, ], release_date: "2007-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd scoreboard lack of PID protection", }, { cve: "CVE-2007-3382", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247972", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookies", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3382", }, { category: "external", summary: "RHBZ#247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3382", url: "https://www.cve.org/CVERecord?id=CVE-2007-3382", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookies", }, { cve: "CVE-2007-3385", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247976", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookie values", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3385", }, { category: "external", summary: "RHBZ#247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3385", url: "https://www.cve.org/CVERecord?id=CVE-2007-3385", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookie values", }, { cve: "CVE-2007-3847", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2007-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "250731", }, ], notes: [ { category: "description", text: "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", title: "Vulnerability description", }, { category: "summary", text: "httpd: out of bounds read", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3847", }, { category: "external", summary: "RHBZ#250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3847", url: "https://www.cve.org/CVERecord?id=CVE-2007-3847", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", }, ], release_date: "2007-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: out of bounds read", }, { cve: "CVE-2007-4465", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-09-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "289511", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", title: "Vulnerability description", }, { category: "summary", text: "mod_autoindex XSS", title: "Vulnerability summary", }, { category: "other", text: "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-4465", }, { category: "external", summary: "RHBZ#289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-4465", url: "https://www.cve.org/CVERecord?id=CVE-2007-4465", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", }, ], release_date: "2007-09-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_autoindex XSS", }, { cve: "CVE-2007-5000", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "419931", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_imagemap XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5000", }, { category: "external", summary: "RHBZ#419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5000", url: "https://www.cve.org/CVERecord?id=CVE-2007-5000", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", }, ], release_date: "2007-12-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_imagemap XSS", }, { acknowledgments: [ { names: [ "Tavis Ormandy", "Will Drewry", ], }, ], cve: "CVE-2007-5116", discovery_date: "2007-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "323571", }, ], notes: [ { category: "description", text: "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", title: "Vulnerability description", }, { category: "summary", text: "perl regular expression UTF parsing errors", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5116", }, { category: "external", summary: "RHBZ#323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5116", url: "https://www.cve.org/CVERecord?id=CVE-2007-5116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", }, ], release_date: "2007-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl regular expression UTF parsing errors", }, { cve: "CVE-2007-5333", discovery_date: "2008-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427766", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", title: "Vulnerability description", }, { category: "summary", text: "Improve cookie parsing for tomcat5", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5333", }, { category: "external", summary: "RHBZ#427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5333", url: "https://www.cve.org/CVERecord?id=CVE-2007-5333", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", }, ], release_date: "2008-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Improve cookie parsing for tomcat5", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6388", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427228", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "apache mod_status cross-site scripting", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6388", }, { category: "external", summary: "RHBZ#427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6388", url: "https://www.cve.org/CVERecord?id=CVE-2007-6388", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", }, ], release_date: "2007-12-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache mod_status cross-site scripting", }, { cve: "CVE-2008-0005", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427739", }, ], notes: [ { category: "description", text: "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", title: "Vulnerability description", }, { category: "summary", text: "mod_proxy_ftp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0005", }, { category: "external", summary: "RHBZ#427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0005", url: "https://www.cve.org/CVERecord?id=CVE-2008-0005", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", }, ], release_date: "2008-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_proxy_ftp XSS", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1927", discovery_date: "2008-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "443928", }, ], notes: [ { category: "description", text: "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.", title: "Vulnerability description", }, { category: "summary", text: "perl: heap corruption by regular expressions with utf8 characters", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1927", }, { category: "external", summary: "RHBZ#443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1927", url: "https://www.cve.org/CVERecord?id=CVE-2008-1927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", }, ], release_date: "2007-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl: heap corruption by regular expressions with utf8 characters", }, { cve: "CVE-2008-2364", discovery_date: "2008-05-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "451615", }, ], notes: [ { category: "description", text: "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2364", }, { category: "external", summary: "RHBZ#451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2364", url: "https://www.cve.org/CVERecord?id=CVE-2008-2364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", }, ], release_date: "2008-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2939", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "458250", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp globbing XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2939", }, { category: "external", summary: "RHBZ#458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2939", url: "https://www.cve.org/CVERecord?id=CVE-2008-2939", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", }, ], release_date: "2008-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp globbing XSS", }, { cve: "CVE-2008-5515", discovery_date: "2009-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504753", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", title: "Vulnerability description", }, { category: "summary", text: "tomcat request dispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-5515", }, { category: "external", summary: "RHBZ#504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-5515", url: "https://www.cve.org/CVERecord?id=CVE-2008-5515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", }, ], release_date: "2009-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat request dispatcher information disclosure vulnerability", }, { cve: "CVE-2009-0023", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503928", }, ], notes: [ { category: "description", text: "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", title: "Vulnerability description", }, { category: "summary", text: "apr-util heap buffer underwrite", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0023", }, { category: "external", summary: "RHBZ#503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0023", url: "https://www.cve.org/CVERecord?id=CVE-2009-0023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util heap buffer underwrite", }, { cve: "CVE-2009-0033", discovery_date: "2009-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "493381", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Denial-Of-Service with AJP connection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0033", }, { category: "external", summary: "RHBZ#493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0033", url: "https://www.cve.org/CVERecord?id=CVE-2009-0033", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat6 Denial-Of-Service with AJP connection", }, { cve: "CVE-2009-0580", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503978", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Information disclosure in authentication classes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0580", }, { category: "external", summary: "RHBZ#503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0580", url: "https://www.cve.org/CVERecord?id=CVE-2009-0580", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat6 Information disclosure in authentication classes", }, { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-1955", discovery_date: "2009-06-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504555", }, ], notes: [ { category: "description", text: "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", title: "Vulnerability description", }, { category: "summary", text: "apr-util billion laughs attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1955", }, { category: "external", summary: "RHBZ#504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1955", url: "https://www.cve.org/CVERecord?id=CVE-2009-1955", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", }, ], release_date: "2009-06-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util billion laughs attack", }, { cve: "CVE-2009-1956", discovery_date: "2009-06-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504390", }, ], notes: [ { category: "description", text: "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", title: "Vulnerability description", }, { category: "summary", text: "apr-util single NULL byte buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1956", }, { category: "external", summary: "RHBZ#504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1956", url: "https://www.cve.org/CVERecord?id=CVE-2009-1956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", }, ], release_date: "2009-04-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util single NULL byte buffer overflow", }, { cve: "CVE-2009-2412", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2009-07-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "515698", }, ], notes: [ { category: "description", text: "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2412", }, { category: "external", summary: "RHBZ#515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2412", url: "https://www.cve.org/CVERecord?id=CVE-2009-2412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", }, ], release_date: "2009-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-4901", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-4901", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-4901", url: "https://www.cve.org/CVERecord?id=CVE-2009-4901", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0407", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0407", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0407", url: "https://www.cve.org/CVERecord?id=CVE-2010-0407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0434", discovery_date: "2010-03-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "570171", }, ], notes: [ { category: "description", text: "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", title: "Vulnerability description", }, { category: "summary", text: "httpd: request header information leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0434", }, { category: "external", summary: "RHBZ#570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0434", url: "https://www.cve.org/CVERecord?id=CVE-2010-0434", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", }, ], release_date: "2009-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: request header information leak", }, ], }
RHSA-2010:0011
Vulnerability from csaf_redhat
Published
2010-01-06 16:21
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd and httpd22 security update
Notes
Topic
Updated httpd and httpd22 packages that fix multiple security issues are
now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise
Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All users of JBoss Enterprise Web Server 1.0.0 should upgrade to these
updated packages, which contain backported patches to correct these issues.
After installing the updated packages, Red Hat Enterprise Linux 4 users
must restart the httpd22 service, and Red Hat Enterprise Linux 5 users must
restart the httpd service, for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd and httpd22 packages that fix multiple security issues are\nnow available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise\nLinux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll users of JBoss Enterprise Web Server 1.0.0 should upgrade to these\nupdated packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, Red Hat Enterprise Linux 4 users\nmust restart the httpd22 service, and Red Hat Enterprise Linux 5 users must\nrestart the httpd service, for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0011", url: "https://access.redhat.com/errata/RHSA-2010:0011", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0011.json", }, ], title: "Red Hat Security Advisory: httpd and httpd22 security update", tracking: { current_release_date: "2024-11-22T03:25:50+00:00", generator: { date: "2024-11-22T03:25:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2010:0011", initial_release_date: "2010-01-06T16:21:00+00:00", revision_history: [ { date: "2010-01-06T16:21:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-01-06T11:21:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product_id: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl22@2.2.10-25.1.ep5.el4?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product: { name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product_id: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.10-11.ep5.el5?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product_id: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl22@2.2.10-25.1.ep5.el4?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.10-11.ep5.el5?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product: { name: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product_id: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.10-11.ep5.el5?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.10-11.ep5.el5?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.src", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.src", product: { name: "httpd-0:2.2.10-11.ep5.el5.src", product_id: "httpd-0:2.2.10-11.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.src", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-devel-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-manual-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", }, product_reference: "mod_ssl-1:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", }, product_reference: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, ], }, vulnerabilities: [ { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
rhsa-2010_0011
Vulnerability from csaf_redhat
Published
2010-01-06 16:21
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd and httpd22 security update
Notes
Topic
Updated httpd and httpd22 packages that fix multiple security issues are
now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise
Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All users of JBoss Enterprise Web Server 1.0.0 should upgrade to these
updated packages, which contain backported patches to correct these issues.
After installing the updated packages, Red Hat Enterprise Linux 4 users
must restart the httpd22 service, and Red Hat Enterprise Linux 5 users must
restart the httpd service, for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd and httpd22 packages that fix multiple security issues are\nnow available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise\nLinux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll users of JBoss Enterprise Web Server 1.0.0 should upgrade to these\nupdated packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, Red Hat Enterprise Linux 4 users\nmust restart the httpd22 service, and Red Hat Enterprise Linux 5 users must\nrestart the httpd service, for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0011", url: "https://access.redhat.com/errata/RHSA-2010:0011", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0011.json", }, ], title: "Red Hat Security Advisory: httpd and httpd22 security update", tracking: { current_release_date: "2024-11-22T03:25:50+00:00", generator: { date: "2024-11-22T03:25:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2010:0011", initial_release_date: "2010-01-06T16:21:00+00:00", revision_history: [ { date: "2010-01-06T16:21:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-01-06T11:21:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product_id: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl22@2.2.10-25.1.ep5.el4?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product: { name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product_id: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.10-11.ep5.el5?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product_id: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl22@2.2.10-25.1.ep5.el4?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.10-11.ep5.el5?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product: { name: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product_id: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.10-11.ep5.el5?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.10-11.ep5.el5?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.src", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.src", product: { name: "httpd-0:2.2.10-11.ep5.el5.src", product_id: "httpd-0:2.2.10-11.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.src", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-devel-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-manual-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", }, product_reference: "mod_ssl-1:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", }, product_reference: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, ], }, vulnerabilities: [ { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
rhsa-2009:1580
Vulnerability from csaf_redhat
Published
2009-11-11 22:02
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed before
compression completed. This would cause mod_deflate to consume large
amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1580", url: "https://access.redhat.com/errata/RHSA-2009:1580", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1580.json", }, ], title: "Red Hat Security Advisory: httpd security update", tracking: { current_release_date: "2024-11-22T03:25:40+00:00", generator: { date: "2024-11-22T03:25:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1580", initial_release_date: "2009-11-11T22:02:00+00:00", revision_history: [ { date: "2009-11-11T22:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-11-11T17:05:07+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product_id: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64", product_id: "httpd-devel-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64", product_id: "httpd-manual-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-0:2.0.52-41.ent.6.ia64", product_id: "httpd-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.ia64", product: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64", product_id: "mod_ssl-1:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product_id: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.i386", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386", product_id: "httpd-suexec-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.i386", product: { name: "httpd-devel-0:2.0.52-41.ent.6.i386", product_id: "httpd-devel-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.i386", product: { name: "httpd-manual-0:2.0.52-41.ent.6.i386", product_id: "httpd-manual-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.i386", product: { name: "httpd-0:2.0.52-41.ent.6.i386", product_id: "httpd-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.i386", product: { name: "mod_ssl-1:2.0.52-41.ent.6.i386", product_id: "mod_ssl-1:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.src", product: { name: "httpd-0:2.0.52-41.ent.6.src", product_id: "httpd-0:2.0.52-41.ent.6.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product_id: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc", product_id: "httpd-devel-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc", product_id: "httpd-manual-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-0:2.0.52-41.ent.6.ppc", product_id: "httpd-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.ppc", product: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc", product_id: "mod_ssl-1:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product_id: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x", product_id: "httpd-devel-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x", product_id: "httpd-manual-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-0:2.0.52-41.ent.6.s390x", product_id: "httpd-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.s390x", product: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x", product_id: "mod_ssl-1:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.s390", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390", product_id: "httpd-suexec-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.s390", product: { name: "httpd-devel-0:2.0.52-41.ent.6.s390", product_id: "httpd-devel-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.s390", product: { name: "httpd-manual-0:2.0.52-41.ent.6.s390", product_id: "httpd-manual-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.s390", product: { name: "httpd-0:2.0.52-41.ent.6.s390", product_id: "httpd-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.s390", product: { name: "mod_ssl-1:2.0.52-41.ent.6.s390", product_id: "mod_ssl-1:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=s390&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
rhsa-2010:0011
Vulnerability from csaf_redhat
Published
2010-01-06 16:21
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd and httpd22 security update
Notes
Topic
Updated httpd and httpd22 packages that fix multiple security issues are
now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise
Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All users of JBoss Enterprise Web Server 1.0.0 should upgrade to these
updated packages, which contain backported patches to correct these issues.
After installing the updated packages, Red Hat Enterprise Linux 4 users
must restart the httpd22 service, and Red Hat Enterprise Linux 5 users must
restart the httpd service, for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd and httpd22 packages that fix multiple security issues are\nnow available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise\nLinux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll users of JBoss Enterprise Web Server 1.0.0 should upgrade to these\nupdated packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, Red Hat Enterprise Linux 4 users\nmust restart the httpd22 service, and Red Hat Enterprise Linux 5 users must\nrestart the httpd service, for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0011", url: "https://access.redhat.com/errata/RHSA-2010:0011", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0011.json", }, ], title: "Red Hat Security Advisory: httpd and httpd22 security update", tracking: { current_release_date: "2024-11-22T03:25:50+00:00", generator: { date: "2024-11-22T03:25:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2010:0011", initial_release_date: "2010-01-06T16:21:00+00:00", revision_history: [ { date: "2010-01-06T16:21:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-01-06T11:21:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product_id: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl22@2.2.10-25.1.ep5.el4?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product_id: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-25.1.ep5.el4?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product: { name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product_id: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.10-11.ep5.el5?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product: { name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product_id: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.10-11.ep5.el5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-apr@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product_id: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl22@2.2.10-25.1.ep5.el4?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product_id: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-25.1.ep5.el4?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-devel-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.10-11.ep5.el5?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product: { name: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product_id: "mod_ssl-1:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.10-11.ep5.el5?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product: { name: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product_id: "httpd-manual-0:2.2.10-11.ep5.el5.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.10-11.ep5.el5?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd22-0:2.2.10-25.1.ep5.el4.src", product: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src", product_id: "httpd22-0:2.2.10-25.1.ep5.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd22@2.2.10-25.1.ep5.el4?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.2.10-11.ep5.el5.src", product: { name: "httpd-0:2.2.10-11.ep5.el5.src", product_id: "httpd-0:2.2.10-11.ep5.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.10-11.ep5.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.src", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", product_id: "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4AS-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.src", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", product_id: "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", }, product_reference: "mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", relates_to_product_reference: "4ES-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.src", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-devel-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-devel-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", }, product_reference: "httpd-manual-0:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", }, product_reference: "httpd-manual-0:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.10-11.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", }, product_reference: "mod_ssl-1:2.2.10-11.ep5.el5.i386", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", product_id: "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", }, product_reference: "mod_ssl-1:2.2.10-11.ep5.el5.x86_64", relates_to_product_reference: "5Server-JBEWS-5.0.0", }, ], }, vulnerabilities: [ { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-01-06T16:21:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0011", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-25.1.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-25.1.ep5.el4.x86_64", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-11.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-11.ep5.el5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
rhsa-2009_1461
Vulnerability from csaf_redhat
Published
2009-09-23 21:38
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: Red Hat Application Stack v2.4 security and enhancement update
Notes
Topic
Red Hat Application Stack v2.4 is now available. This update fixes several
security issues and adds various enhancements.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Red Hat Application Stack v2.4 is an integrated open source application
stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise
Application Platform (EAP). JBoss EAP is provided through the JBoss EAP
channels on the Red Hat Network.
PostgreSQL was updated to version 8.2.14, fixing the following security
issues:
A flaw was found in the way PostgreSQL handles LDAP-based authentication.
If PostgreSQL was configured to use LDAP authentication and the LDAP server
was configured to allow anonymous binds, anyone able to connect to a given
database could use this flaw to log in as any database user, including a
PostgreSQL superuser, without supplying a password. (CVE-2009-3231)
It was discovered that the upstream patch for CVE-2007-6600 included in the
Red Hat Security Advisory RHSA-2008:0040 did not include protection against
misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An
authenticated user could use this flaw to install malicious code that would
later execute with superuser privileges. (CVE-2009-3230)
A flaw was found in the way PostgreSQL handles external plug-ins. This flaw
could allow remote, authenticated users without superuser privileges to
crash the back-end server by using the LOAD command on libraries in
"/var/lib/pgsql/plugins/" that have already been loaded, causing a
temporary denial of service during crash recovery. (CVE-2009-3229)
MySQL was updated to version 5.0.84, fixing the following security issues:
An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)
Multiple format string flaws were found in the way the MySQL server logs
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specifically-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)
Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
"--log" command line option or the "log" option in "/etc/my.cnf") must be
enabled. This logging is not enabled by default.
PHP was updated to version 5.2.10, fixing the following security issue:
An insufficient input validation flaw was discovered in the PHP
exif_read_data() function, used to read Exchangeable image file format
(Exif) metadata from images. An attacker could create a specially-crafted
image that could cause the PHP interpreter to crash or disclose portions of
its memory while reading the Exif metadata from the image. (CVE-2009-2687)
Apache httpd has been updated with backported patches to correct the
following security issues:
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
Also, the following packages have been updated:
* postgresql-jdbc to 8.2.510
* php-pear to 1.8.1
* perl-DBI to 1.609
* perl-DBD-MySQL to 4.012
All users should upgrade to these updated packages, which resolve these
issues. Users must restart the individual services, including postgresql,
mysqld, and httpd, for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Application Stack v2.4 is now available. This update fixes several\nsecurity issues and adds various enhancements.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Red Hat Application Stack v2.4 is an integrated open source application\nstack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise\nApplication Platform (EAP). JBoss EAP is provided through the JBoss EAP\nchannels on the Red Hat Network.\n\nPostgreSQL was updated to version 8.2.14, fixing the following security\nissues:\n\nA flaw was found in the way PostgreSQL handles LDAP-based authentication.\nIf PostgreSQL was configured to use LDAP authentication and the LDAP server\nwas configured to allow anonymous binds, anyone able to connect to a given\ndatabase could use this flaw to log in as any database user, including a\nPostgreSQL superuser, without supplying a password. (CVE-2009-3231)\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0040 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handles external plug-ins. This flaw\ncould allow remote, authenticated users without superuser privileges to\ncrash the back-end server by using the LOAD command on libraries in\n\"/var/lib/pgsql/plugins/\" that have already been loaded, causing a\ntemporary denial of service during crash recovery. (CVE-2009-3229)\n\nMySQL was updated to version 5.0.84, fixing the following security issues:\n\nAn insufficient HTML entities quoting flaw was found in the mysql command\nline client's HTML output mode. If an attacker was able to inject arbitrary\nHTML tags into data stored in a MySQL database, which was later retrieved\nusing the mysql command line client and its HTML output mode, they could\nperform a cross-site scripting (XSS) attack against victims viewing the\nHTML output in a web browser. (CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server logs\nuser commands when creating and deleting databases. A remote, authenticated\nattacker with permissions to CREATE and DROP databases could use these\nflaws to formulate a specifically-crafted SQL command that would cause a\ntemporary denial of service (open connections to mysqld are terminated).\n(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld\n\"--log\" command line option or the \"log\" option in \"/etc/my.cnf\") must be\nenabled. This logging is not enabled by default.\n\nPHP was updated to version 5.2.10, fixing the following security issue:\n\nAn insufficient input validation flaw was discovered in the PHP\nexif_read_data() function, used to read Exchangeable image file format\n(Exif) metadata from images. An attacker could create a specially-crafted\nimage that could cause the PHP interpreter to crash or disclose portions of\nits memory while reading the Exif metadata from the image. (CVE-2009-2687)\n\nApache httpd has been updated with backported patches to correct the\nfollowing security issues:\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAlso, the following packages have been updated:\n\n* postgresql-jdbc to 8.2.510\n* php-pear to 1.8.1\n* perl-DBI to 1.609\n* perl-DBD-MySQL to 4.012\n\nAll users should upgrade to these updated packages, which resolve these\nissues. Users must restart the individual services, including postgresql,\nmysqld, and httpd, for this update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1461", url: "https://access.redhat.com/errata/RHSA-2009:1461", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#important", url: "http://www.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "466518", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466518", }, { category: "external", summary: "506896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=506896", }, { category: "external", summary: "511020", url: "https://bugzilla.redhat.com/show_bug.cgi?id=511020", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522084", }, { category: "external", summary: "522085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522085", }, { category: "external", summary: "522092", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522092", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1461.json", }, ], title: "Red Hat Security Advisory: Red Hat Application Stack v2.4 security and enhancement update", tracking: { current_release_date: "2024-11-22T03:25:58+00:00", generator: { date: "2024-11-22T03:25:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1461", initial_release_date: "2009-09-23T21:38:00+00:00", revision_history: [ { date: "2009-09-23T21:38:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-09-23T17:38:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Application Stack v2 for Enterprise Linux (v.5)", product: { name: "Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_stack:2", }, }, }, ], category: "product_family", name: "Red Hat Application Stack", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=src", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.src", product: { name: "php-0:5.2.10-1.el5s2.src", product_id: "php-0:5.2.10-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "php-pear-1:1.8.1-2.el5s2.src", product: { name: "php-pear-1:1.8.1-2.el5s2.src", product_id: "php-pear-1:1.8.1-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/php-pear@1.8.1-2.el5s2?arch=src&epoch=1", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.src", product: { name: "perl-DBI-0:1.609-1.el5s2.src", product_id: "perl-DBI-0:1.609-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.src", product: { name: "mysql-0:5.0.84-2.el5s2.src", product_id: "mysql-0:5.0.84-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=src", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.src", product: { name: "postgresql-0:8.2.14-1.el5s2.src", product_id: "postgresql-0:8.2.14-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.src", product: { name: "httpd-0:2.2.13-2.el5s2.src", product_id: "httpd-0:2.2.13-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product_id: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc-debuginfo@8.2.510-1jpp.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-dba-0:5.2.10-1.el5s2.x86_64", product: { name: "php-dba-0:5.2.10-1.el5s2.x86_64", product_id: "php-dba-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-dba@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-gd-0:5.2.10-1.el5s2.x86_64", product: { name: "php-gd-0:5.2.10-1.el5s2.x86_64", product_id: "php-gd-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-gd@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.x86_64", product: { name: "php-0:5.2.10-1.el5s2.x86_64", product_id: "php-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product: { name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product_id: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-xmlrpc@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product: { name: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product_id: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product: { name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product_id: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-xml-0:5.2.10-1.el5s2.x86_64", product: { name: "php-xml-0:5.2.10-1.el5s2.x86_64", product_id: "php-xml-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-xml@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product: { name: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product_id: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-ncurses@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-odbc-0:5.2.10-1.el5s2.x86_64", product: { name: "php-odbc-0:5.2.10-1.el5s2.x86_64", product_id: "php-odbc-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-odbc@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-mysql-0:5.2.10-1.el5s2.x86_64", product: { name: "php-mysql-0:5.2.10-1.el5s2.x86_64", product_id: "php-mysql-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mysql@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-snmp-0:5.2.10-1.el5s2.x86_64", product: { name: "php-snmp-0:5.2.10-1.el5s2.x86_64", product_id: "php-snmp-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-snmp@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product: { name: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product_id: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product: { name: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product_id: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-pgsql@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-cli-0:5.2.10-1.el5s2.x86_64", product: { name: "php-cli-0:5.2.10-1.el5s2.x86_64", product_id: "php-cli-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-cli@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-devel-0:5.2.10-1.el5s2.x86_64", product: { name: "php-devel-0:5.2.10-1.el5s2.x86_64", product_id: "php-devel-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-soap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-soap-0:5.2.10-1.el5s2.x86_64", product_id: "php-soap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-soap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-ldap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-ldap-0:5.2.10-1.el5s2.x86_64", product_id: "php-ldap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-ldap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-common-0:5.2.10-1.el5s2.x86_64", product: { name: "php-common-0:5.2.10-1.el5s2.x86_64", product_id: "php-common-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-common@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-pdo-0:5.2.10-1.el5s2.x86_64", product: { name: "php-pdo-0:5.2.10-1.el5s2.x86_64", product_id: "php-pdo-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-pdo@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-imap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-imap-0:5.2.10-1.el5s2.x86_64", product_id: "php-imap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product_id: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI-debuginfo@1.609-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.x86_64", product: { name: "perl-DBI-0:1.609-1.el5s2.x86_64", product_id: "perl-DBI-0:1.609-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product_id: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL-debuginfo@4.012-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-test-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-test-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-test-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-test@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-libs@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-devel@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-bench@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-cluster@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-server-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-server-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-server-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-server@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-debuginfo@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-tcl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-devel@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-server@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-python@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plperl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-contrib@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-debuginfo@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-pltcl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-libs@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-test@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plpython@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-docs@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product: { name: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product_id: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.13-2.el5s2?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product_id: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc-debuginfo@8.2.510-1jpp.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-dba-0:5.2.10-1.el5s2.i386", product: { name: "php-dba-0:5.2.10-1.el5s2.i386", product_id: "php-dba-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-dba@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-gd-0:5.2.10-1.el5s2.i386", product: { name: "php-gd-0:5.2.10-1.el5s2.i386", product_id: "php-gd-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-gd@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.i386", product: { name: "php-0:5.2.10-1.el5s2.i386", product_id: "php-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product: { name: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product_id: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-xmlrpc@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-mbstring-0:5.2.10-1.el5s2.i386", product: { name: "php-mbstring-0:5.2.10-1.el5s2.i386", product_id: "php-mbstring-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.2.10-1.el5s2.i386", product: { name: "php-debuginfo-0:5.2.10-1.el5s2.i386", product_id: "php-debuginfo-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-xml-0:5.2.10-1.el5s2.i386", product: { name: "php-xml-0:5.2.10-1.el5s2.i386", product_id: "php-xml-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-xml@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-ncurses-0:5.2.10-1.el5s2.i386", product: { name: "php-ncurses-0:5.2.10-1.el5s2.i386", product_id: "php-ncurses-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-ncurses@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-odbc-0:5.2.10-1.el5s2.i386", product: { name: "php-odbc-0:5.2.10-1.el5s2.i386", product_id: "php-odbc-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-odbc@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-mysql-0:5.2.10-1.el5s2.i386", product: { name: "php-mysql-0:5.2.10-1.el5s2.i386", product_id: "php-mysql-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-mysql@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-snmp-0:5.2.10-1.el5s2.i386", product: { name: "php-snmp-0:5.2.10-1.el5s2.i386", product_id: "php-snmp-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-snmp@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-bcmath-0:5.2.10-1.el5s2.i386", product: { name: "php-bcmath-0:5.2.10-1.el5s2.i386", product_id: "php-bcmath-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-pgsql-0:5.2.10-1.el5s2.i386", product: { name: "php-pgsql-0:5.2.10-1.el5s2.i386", product_id: "php-pgsql-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-pgsql@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-cli-0:5.2.10-1.el5s2.i386", product: { name: "php-cli-0:5.2.10-1.el5s2.i386", product_id: "php-cli-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-cli@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-devel-0:5.2.10-1.el5s2.i386", product: { name: "php-devel-0:5.2.10-1.el5s2.i386", product_id: "php-devel-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-soap-0:5.2.10-1.el5s2.i386", product: { name: "php-soap-0:5.2.10-1.el5s2.i386", product_id: "php-soap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-soap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-ldap-0:5.2.10-1.el5s2.i386", product: { name: "php-ldap-0:5.2.10-1.el5s2.i386", product_id: "php-ldap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-ldap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-common-0:5.2.10-1.el5s2.i386", product: { name: "php-common-0:5.2.10-1.el5s2.i386", product_id: "php-common-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-common@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-pdo-0:5.2.10-1.el5s2.i386", product: { name: "php-pdo-0:5.2.10-1.el5s2.i386", product_id: "php-pdo-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-pdo@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-imap-0:5.2.10-1.el5s2.i386", product: { name: "php-imap-0:5.2.10-1.el5s2.i386", product_id: "php-imap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product_id: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI-debuginfo@1.609-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.i386", product: { name: "perl-DBI-0:1.609-1.el5s2.i386", product_id: "perl-DBI-0:1.609-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product_id: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL-debuginfo@4.012-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-test-0:5.0.84-2.el5s2.i386", product: { name: "mysql-test-0:5.0.84-2.el5s2.i386", product_id: "mysql-test-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-test@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-libs-0:5.0.84-2.el5s2.i386", product: { name: "mysql-libs-0:5.0.84-2.el5s2.i386", product_id: "mysql-libs-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-libs@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-devel-0:5.0.84-2.el5s2.i386", product: { name: "mysql-devel-0:5.0.84-2.el5s2.i386", product_id: "mysql-devel-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-devel@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-bench-0:5.0.84-2.el5s2.i386", product: { name: "mysql-bench-0:5.0.84-2.el5s2.i386", product_id: "mysql-bench-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-bench@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-cluster-0:5.0.84-2.el5s2.i386", product: { name: "mysql-cluster-0:5.0.84-2.el5s2.i386", product_id: "mysql-cluster-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-cluster@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-server-0:5.0.84-2.el5s2.i386", product: { name: "mysql-server-0:5.0.84-2.el5s2.i386", product_id: "mysql-server-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-server@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.i386", product: { name: "mysql-0:5.0.84-2.el5s2.i386", product_id: "mysql-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product_id: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-debuginfo@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-tcl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-devel-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-devel-0:8.2.14-1.el5s2.i386", product_id: "postgresql-devel-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-devel@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-server-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-server-0:8.2.14-1.el5s2.i386", product_id: "postgresql-server-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-server@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-python-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-python-0:8.2.14-1.el5s2.i386", product_id: "postgresql-python-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-python@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plperl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product_id: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-contrib@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-0:8.2.14-1.el5s2.i386", product_id: "postgresql-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product_id: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-debuginfo@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-pltcl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-libs-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-libs-0:8.2.14-1.el5s2.i386", product_id: "postgresql-libs-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-libs@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-test-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-test-0:8.2.14-1.el5s2.i386", product_id: "postgresql-test-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-test@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product_id: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plpython@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-docs-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-docs-0:8.2.14-1.el5s2.i386", product_id: "postgresql-docs-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-docs@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.13-2.el5s2.i386", product: { name: "httpd-manual-0:2.2.13-2.el5s2.i386", product_id: "httpd-manual-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.13-2.el5s2.i386", product: { name: "httpd-devel-0:2.2.13-2.el5s2.i386", product_id: "httpd-devel-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product_id: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.i386", product: { name: "httpd-0:2.2.13-2.el5s2.i386", product_id: "httpd-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.13-2.el5s2.i386", product: { name: "mod_ssl-1:2.2.13-2.el5s2.i386", product_id: "mod_ssl-1:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.13-2.el5s2?arch=i386&epoch=1", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "php-pear-1:1.8.1-2.el5s2.noarch", product: { name: "php-pear-1:1.8.1-2.el5s2.noarch", product_id: "php-pear-1:1.8.1-2.el5s2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/php-pear@1.8.1-2.el5s2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", }, product_reference: "httpd-0:2.2.13-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-devel-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-devel-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-manual-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-manual-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", }, product_reference: "mod_ssl-1:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", }, product_reference: "mod_ssl-1:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", }, product_reference: "mysql-0:5.0.84-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-bench-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-bench-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-bench-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-bench-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-cluster-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-cluster-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-devel-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-devel-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-devel-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-devel-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-libs-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-libs-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-libs-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-libs-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-server-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-server-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-server-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-server-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-test-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-test-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-test-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-test-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", }, product_reference: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", }, product_reference: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", }, product_reference: "perl-DBI-0:1.609-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", }, product_reference: "perl-DBI-0:1.609-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", }, product_reference: "perl-DBI-0:1.609-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", }, product_reference: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", }, product_reference: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", }, product_reference: "php-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.src", }, product_reference: "php-0:5.2.10-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", }, product_reference: "php-bcmath-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-bcmath-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-cli-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", }, product_reference: "php-cli-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-cli-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-cli-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-common-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", }, product_reference: "php-common-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-common-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-common-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-dba-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", }, product_reference: "php-dba-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-dba-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-dba-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", }, product_reference: "php-debuginfo-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", }, product_reference: "php-devel-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-devel-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-gd-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", }, product_reference: "php-gd-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-gd-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-gd-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-imap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-imap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ldap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-ldap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ldap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-ldap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", }, product_reference: "php-mbstring-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-mbstring-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mysql-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", }, product_reference: "php-mysql-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mysql-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-mysql-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ncurses-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", }, product_reference: "php-ncurses-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ncurses-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-ncurses-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-odbc-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", }, product_reference: "php-odbc-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-odbc-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-odbc-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pdo-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", }, product_reference: "php-pdo-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pdo-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-pdo-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pear-1:1.8.1-2.el5s2.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", }, product_reference: "php-pear-1:1.8.1-2.el5s2.noarch", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pear-1:1.8.1-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", }, product_reference: "php-pear-1:1.8.1-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pgsql-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", }, product_reference: "php-pgsql-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pgsql-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-pgsql-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-snmp-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", }, product_reference: "php-snmp-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-snmp-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-snmp-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-soap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-soap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-soap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-soap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xml-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", }, product_reference: "php-xml-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xml-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-xml-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xmlrpc-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", }, product_reference: "php-xmlrpc-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", }, product_reference: "postgresql-0:8.2.14-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-contrib-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-contrib-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-devel-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-devel-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-docs-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-docs-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", }, product_reference: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", }, product_reference: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-libs-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-libs-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plperl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-plperl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plpython-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-plpython-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-python-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-python-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-python-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-python-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-server-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-server-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-server-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-server-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-tcl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-tcl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-test-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-test-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-test-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-test-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, ], }, vulnerabilities: [ { cve: "CVE-2008-4456", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "466518", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.", title: "Vulnerability description", }, { category: "summary", text: "mysql: mysql command line client XSS flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-4456", }, { category: "external", summary: "RHBZ#466518", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466518", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-4456", url: "https://www.cve.org/CVERecord?id=CVE-2008-4456", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-4456", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-4456", }, ], release_date: "2008-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 1.7, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql: mysql command line client XSS flaw", }, { cve: "CVE-2009-2446", discovery_date: "2009-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "511020", }, ], notes: [ { category: "description", text: "Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "MySQL: Format string vulnerability by manipulation with database instances (crash)", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2446\n\nThe Red Hat Product Security has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3 and Red Hat Application Stack 2.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2446", }, { category: "external", summary: "RHBZ#511020", url: "https://bugzilla.redhat.com/show_bug.cgi?id=511020", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2446", url: "https://www.cve.org/CVERecord?id=CVE-2009-2446", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2446", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2446", }, ], release_date: "2009-07-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "MySQL: Format string vulnerability by manipulation with database instances (crash)", }, { cve: "CVE-2009-2687", discovery_date: "2009-06-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "506896", }, ], notes: [ { category: "description", text: "The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.", title: "Vulnerability description", }, { category: "summary", text: "php: exif_read_data crash on corrupted JPEG files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2687", }, { category: "external", summary: "RHBZ#506896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=506896", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2687", url: "https://www.cve.org/CVERecord?id=CVE-2009-2687", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2687", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2687", }, ], release_date: "2009-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "php: exif_read_data crash on corrupted JPEG files", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3229", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522092", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by \"re-LOAD-ing\" libraries from a certain plugins directory.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: authenticated user server DoS via plugin re-LOAD-ing", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5.\n\nIn PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash. However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3229", }, { category: "external", summary: "RHBZ#522092", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522092", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3229", url: "https://www.cve.org/CVERecord?id=CVE-2009-3229", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3229", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3229", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "postgresql: authenticated user server DoS via plugin re-LOAD-ing", }, { cve: "CVE-2009-3230", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522085", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3230", }, { category: "external", summary: "RHBZ#522085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3230", url: "https://www.cve.org/CVERecord?id=CVE-2009-3230", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3230", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3230", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600", }, { cve: "CVE-2009-3231", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522084", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not support LDAP authentication, which was introduced upstream in version 8.2.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3231", }, { category: "external", summary: "RHBZ#522084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3231", url: "https://www.cve.org/CVERecord?id=CVE-2009-3231", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3231", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3231", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed", }, ], }
RHSA-2009:1461
Vulnerability from csaf_redhat
Published
2009-09-23 21:38
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: Red Hat Application Stack v2.4 security and enhancement update
Notes
Topic
Red Hat Application Stack v2.4 is now available. This update fixes several
security issues and adds various enhancements.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Red Hat Application Stack v2.4 is an integrated open source application
stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise
Application Platform (EAP). JBoss EAP is provided through the JBoss EAP
channels on the Red Hat Network.
PostgreSQL was updated to version 8.2.14, fixing the following security
issues:
A flaw was found in the way PostgreSQL handles LDAP-based authentication.
If PostgreSQL was configured to use LDAP authentication and the LDAP server
was configured to allow anonymous binds, anyone able to connect to a given
database could use this flaw to log in as any database user, including a
PostgreSQL superuser, without supplying a password. (CVE-2009-3231)
It was discovered that the upstream patch for CVE-2007-6600 included in the
Red Hat Security Advisory RHSA-2008:0040 did not include protection against
misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An
authenticated user could use this flaw to install malicious code that would
later execute with superuser privileges. (CVE-2009-3230)
A flaw was found in the way PostgreSQL handles external plug-ins. This flaw
could allow remote, authenticated users without superuser privileges to
crash the back-end server by using the LOAD command on libraries in
"/var/lib/pgsql/plugins/" that have already been loaded, causing a
temporary denial of service during crash recovery. (CVE-2009-3229)
MySQL was updated to version 5.0.84, fixing the following security issues:
An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)
Multiple format string flaws were found in the way the MySQL server logs
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specifically-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)
Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
"--log" command line option or the "log" option in "/etc/my.cnf") must be
enabled. This logging is not enabled by default.
PHP was updated to version 5.2.10, fixing the following security issue:
An insufficient input validation flaw was discovered in the PHP
exif_read_data() function, used to read Exchangeable image file format
(Exif) metadata from images. An attacker could create a specially-crafted
image that could cause the PHP interpreter to crash or disclose portions of
its memory while reading the Exif metadata from the image. (CVE-2009-2687)
Apache httpd has been updated with backported patches to correct the
following security issues:
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
Also, the following packages have been updated:
* postgresql-jdbc to 8.2.510
* php-pear to 1.8.1
* perl-DBI to 1.609
* perl-DBD-MySQL to 4.012
All users should upgrade to these updated packages, which resolve these
issues. Users must restart the individual services, including postgresql,
mysqld, and httpd, for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Application Stack v2.4 is now available. This update fixes several\nsecurity issues and adds various enhancements.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Red Hat Application Stack v2.4 is an integrated open source application\nstack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise\nApplication Platform (EAP). JBoss EAP is provided through the JBoss EAP\nchannels on the Red Hat Network.\n\nPostgreSQL was updated to version 8.2.14, fixing the following security\nissues:\n\nA flaw was found in the way PostgreSQL handles LDAP-based authentication.\nIf PostgreSQL was configured to use LDAP authentication and the LDAP server\nwas configured to allow anonymous binds, anyone able to connect to a given\ndatabase could use this flaw to log in as any database user, including a\nPostgreSQL superuser, without supplying a password. (CVE-2009-3231)\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0040 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handles external plug-ins. This flaw\ncould allow remote, authenticated users without superuser privileges to\ncrash the back-end server by using the LOAD command on libraries in\n\"/var/lib/pgsql/plugins/\" that have already been loaded, causing a\ntemporary denial of service during crash recovery. (CVE-2009-3229)\n\nMySQL was updated to version 5.0.84, fixing the following security issues:\n\nAn insufficient HTML entities quoting flaw was found in the mysql command\nline client's HTML output mode. If an attacker was able to inject arbitrary\nHTML tags into data stored in a MySQL database, which was later retrieved\nusing the mysql command line client and its HTML output mode, they could\nperform a cross-site scripting (XSS) attack against victims viewing the\nHTML output in a web browser. (CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server logs\nuser commands when creating and deleting databases. A remote, authenticated\nattacker with permissions to CREATE and DROP databases could use these\nflaws to formulate a specifically-crafted SQL command that would cause a\ntemporary denial of service (open connections to mysqld are terminated).\n(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld\n\"--log\" command line option or the \"log\" option in \"/etc/my.cnf\") must be\nenabled. This logging is not enabled by default.\n\nPHP was updated to version 5.2.10, fixing the following security issue:\n\nAn insufficient input validation flaw was discovered in the PHP\nexif_read_data() function, used to read Exchangeable image file format\n(Exif) metadata from images. An attacker could create a specially-crafted\nimage that could cause the PHP interpreter to crash or disclose portions of\nits memory while reading the Exif metadata from the image. (CVE-2009-2687)\n\nApache httpd has been updated with backported patches to correct the\nfollowing security issues:\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAlso, the following packages have been updated:\n\n* postgresql-jdbc to 8.2.510\n* php-pear to 1.8.1\n* perl-DBI to 1.609\n* perl-DBD-MySQL to 4.012\n\nAll users should upgrade to these updated packages, which resolve these\nissues. Users must restart the individual services, including postgresql,\nmysqld, and httpd, for this update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1461", url: "https://access.redhat.com/errata/RHSA-2009:1461", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#important", url: "http://www.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "466518", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466518", }, { category: "external", summary: "506896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=506896", }, { category: "external", summary: "511020", url: "https://bugzilla.redhat.com/show_bug.cgi?id=511020", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522084", }, { category: "external", summary: "522085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522085", }, { category: "external", summary: "522092", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522092", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1461.json", }, ], title: "Red Hat Security Advisory: Red Hat Application Stack v2.4 security and enhancement update", tracking: { current_release_date: "2024-11-22T03:25:58+00:00", generator: { date: "2024-11-22T03:25:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1461", initial_release_date: "2009-09-23T21:38:00+00:00", revision_history: [ { date: "2009-09-23T21:38:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-09-23T17:38:40+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Application Stack v2 for Enterprise Linux (v.5)", product: { name: "Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_stack:2", }, }, }, ], category: "product_family", name: "Red Hat Application Stack", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=src", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.src", product: { name: "php-0:5.2.10-1.el5s2.src", product_id: "php-0:5.2.10-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "php-pear-1:1.8.1-2.el5s2.src", product: { name: "php-pear-1:1.8.1-2.el5s2.src", product_id: "php-pear-1:1.8.1-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/php-pear@1.8.1-2.el5s2?arch=src&epoch=1", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.src", product: { name: "perl-DBI-0:1.609-1.el5s2.src", product_id: "perl-DBI-0:1.609-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.src", product: { name: "mysql-0:5.0.84-2.el5s2.src", product_id: "mysql-0:5.0.84-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=src", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.src", product: { name: "postgresql-0:8.2.14-1.el5s2.src", product_id: "postgresql-0:8.2.14-1.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.src", product: { name: "httpd-0:2.2.13-2.el5s2.src", product_id: "httpd-0:2.2.13-2.el5s2.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product_id: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc-debuginfo@8.2.510-1jpp.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-dba-0:5.2.10-1.el5s2.x86_64", product: { name: "php-dba-0:5.2.10-1.el5s2.x86_64", product_id: "php-dba-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-dba@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-gd-0:5.2.10-1.el5s2.x86_64", product: { name: "php-gd-0:5.2.10-1.el5s2.x86_64", product_id: "php-gd-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-gd@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.x86_64", product: { name: "php-0:5.2.10-1.el5s2.x86_64", product_id: "php-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product: { name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product_id: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-xmlrpc@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product: { name: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product_id: "php-mbstring-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product: { name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product_id: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-xml-0:5.2.10-1.el5s2.x86_64", product: { name: "php-xml-0:5.2.10-1.el5s2.x86_64", product_id: "php-xml-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-xml@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product: { name: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product_id: "php-ncurses-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-ncurses@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-odbc-0:5.2.10-1.el5s2.x86_64", product: { name: "php-odbc-0:5.2.10-1.el5s2.x86_64", product_id: "php-odbc-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-odbc@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-mysql-0:5.2.10-1.el5s2.x86_64", product: { name: "php-mysql-0:5.2.10-1.el5s2.x86_64", product_id: "php-mysql-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mysql@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-snmp-0:5.2.10-1.el5s2.x86_64", product: { name: "php-snmp-0:5.2.10-1.el5s2.x86_64", product_id: "php-snmp-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-snmp@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product: { name: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product_id: "php-bcmath-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product: { name: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product_id: "php-pgsql-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-pgsql@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-cli-0:5.2.10-1.el5s2.x86_64", product: { name: "php-cli-0:5.2.10-1.el5s2.x86_64", product_id: "php-cli-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-cli@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-devel-0:5.2.10-1.el5s2.x86_64", product: { name: "php-devel-0:5.2.10-1.el5s2.x86_64", product_id: "php-devel-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-soap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-soap-0:5.2.10-1.el5s2.x86_64", product_id: "php-soap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-soap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-ldap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-ldap-0:5.2.10-1.el5s2.x86_64", product_id: "php-ldap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-ldap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-common-0:5.2.10-1.el5s2.x86_64", product: { name: "php-common-0:5.2.10-1.el5s2.x86_64", product_id: "php-common-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-common@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-pdo-0:5.2.10-1.el5s2.x86_64", product: { name: "php-pdo-0:5.2.10-1.el5s2.x86_64", product_id: "php-pdo-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-pdo@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "php-imap-0:5.2.10-1.el5s2.x86_64", product: { name: "php-imap-0:5.2.10-1.el5s2.x86_64", product_id: "php-imap-0:5.2.10-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.2.10-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product_id: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI-debuginfo@1.609-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.x86_64", product: { name: "perl-DBI-0:1.609-1.el5s2.x86_64", product_id: "perl-DBI-0:1.609-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product_id: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL-debuginfo@4.012-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-test-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-test-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-test-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-test@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-libs-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-libs@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-devel-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-devel@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-bench-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-bench@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-cluster@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-server-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-server-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-server-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-server@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product_id: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-debuginfo@5.0.84-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-tcl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-devel@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-server-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-server@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-python-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-python@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plperl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-contrib@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-debuginfo@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-pltcl@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-libs@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-test-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-test@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plpython@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product: { name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product_id: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-docs@8.2.14-1.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-manual-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-devel-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.x86_64", product: { name: "httpd-0:2.2.13-2.el5s2.x86_64", product_id: "httpd-0:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product: { name: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product_id: "mod_ssl-1:2.2.13-2.el5s2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.13-2.el5s2?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product_id: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc@8.2.510-1jpp.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product_id: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-jdbc-debuginfo@8.2.510-1jpp.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-dba-0:5.2.10-1.el5s2.i386", product: { name: "php-dba-0:5.2.10-1.el5s2.i386", product_id: "php-dba-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-dba@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-gd-0:5.2.10-1.el5s2.i386", product: { name: "php-gd-0:5.2.10-1.el5s2.i386", product_id: "php-gd-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-gd@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-0:5.2.10-1.el5s2.i386", product: { name: "php-0:5.2.10-1.el5s2.i386", product_id: "php-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product: { name: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product_id: "php-xmlrpc-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-xmlrpc@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-mbstring-0:5.2.10-1.el5s2.i386", product: { name: "php-mbstring-0:5.2.10-1.el5s2.i386", product_id: "php-mbstring-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.2.10-1.el5s2.i386", product: { name: "php-debuginfo-0:5.2.10-1.el5s2.i386", product_id: "php-debuginfo-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-xml-0:5.2.10-1.el5s2.i386", product: { name: "php-xml-0:5.2.10-1.el5s2.i386", product_id: "php-xml-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-xml@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-ncurses-0:5.2.10-1.el5s2.i386", product: { name: "php-ncurses-0:5.2.10-1.el5s2.i386", product_id: "php-ncurses-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-ncurses@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-odbc-0:5.2.10-1.el5s2.i386", product: { name: "php-odbc-0:5.2.10-1.el5s2.i386", product_id: "php-odbc-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-odbc@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-mysql-0:5.2.10-1.el5s2.i386", product: { name: "php-mysql-0:5.2.10-1.el5s2.i386", product_id: "php-mysql-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-mysql@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-snmp-0:5.2.10-1.el5s2.i386", product: { name: "php-snmp-0:5.2.10-1.el5s2.i386", product_id: "php-snmp-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-snmp@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-bcmath-0:5.2.10-1.el5s2.i386", product: { name: "php-bcmath-0:5.2.10-1.el5s2.i386", product_id: "php-bcmath-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-pgsql-0:5.2.10-1.el5s2.i386", product: { name: "php-pgsql-0:5.2.10-1.el5s2.i386", product_id: "php-pgsql-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-pgsql@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-cli-0:5.2.10-1.el5s2.i386", product: { name: "php-cli-0:5.2.10-1.el5s2.i386", product_id: "php-cli-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-cli@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-devel-0:5.2.10-1.el5s2.i386", product: { name: "php-devel-0:5.2.10-1.el5s2.i386", product_id: "php-devel-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-soap-0:5.2.10-1.el5s2.i386", product: { name: "php-soap-0:5.2.10-1.el5s2.i386", product_id: "php-soap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-soap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-ldap-0:5.2.10-1.el5s2.i386", product: { name: "php-ldap-0:5.2.10-1.el5s2.i386", product_id: "php-ldap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-ldap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-common-0:5.2.10-1.el5s2.i386", product: { name: "php-common-0:5.2.10-1.el5s2.i386", product_id: "php-common-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-common@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-pdo-0:5.2.10-1.el5s2.i386", product: { name: "php-pdo-0:5.2.10-1.el5s2.i386", product_id: "php-pdo-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-pdo@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "php-imap-0:5.2.10-1.el5s2.i386", product: { name: "php-imap-0:5.2.10-1.el5s2.i386", product_id: "php-imap-0:5.2.10-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.2.10-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product_id: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI-debuginfo@1.609-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBI-0:1.609-1.el5s2.i386", product: { name: "perl-DBI-0:1.609-1.el5s2.i386", product_id: "perl-DBI-0:1.609-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBI@1.609-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product_id: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL@4.012-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product_id: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/perl-DBD-MySQL-debuginfo@4.012-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-test-0:5.0.84-2.el5s2.i386", product: { name: "mysql-test-0:5.0.84-2.el5s2.i386", product_id: "mysql-test-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-test@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-libs-0:5.0.84-2.el5s2.i386", product: { name: "mysql-libs-0:5.0.84-2.el5s2.i386", product_id: "mysql-libs-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-libs@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-devel-0:5.0.84-2.el5s2.i386", product: { name: "mysql-devel-0:5.0.84-2.el5s2.i386", product_id: "mysql-devel-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-devel@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-bench-0:5.0.84-2.el5s2.i386", product: { name: "mysql-bench-0:5.0.84-2.el5s2.i386", product_id: "mysql-bench-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-bench@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-cluster-0:5.0.84-2.el5s2.i386", product: { name: "mysql-cluster-0:5.0.84-2.el5s2.i386", product_id: "mysql-cluster-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-cluster@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-server-0:5.0.84-2.el5s2.i386", product: { name: "mysql-server-0:5.0.84-2.el5s2.i386", product_id: "mysql-server-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-server@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-0:5.0.84-2.el5s2.i386", product: { name: "mysql-0:5.0.84-2.el5s2.i386", product_id: "mysql-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product_id: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mysql-debuginfo@5.0.84-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-tcl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-tcl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-devel-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-devel-0:8.2.14-1.el5s2.i386", product_id: "postgresql-devel-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-devel@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-server-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-server-0:8.2.14-1.el5s2.i386", product_id: "postgresql-server-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-server@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-python-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-python-0:8.2.14-1.el5s2.i386", product_id: "postgresql-python-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-python@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-plperl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plperl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product_id: "postgresql-contrib-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-contrib@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-0:8.2.14-1.el5s2.i386", product_id: "postgresql-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product_id: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-debuginfo@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product_id: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-pltcl@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-libs-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-libs-0:8.2.14-1.el5s2.i386", product_id: "postgresql-libs-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-libs@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-test-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-test-0:8.2.14-1.el5s2.i386", product_id: "postgresql-test-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-test@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product_id: "postgresql-plpython-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-plpython@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "postgresql-docs-0:8.2.14-1.el5s2.i386", product: { name: "postgresql-docs-0:8.2.14-1.el5s2.i386", product_id: "postgresql-docs-0:8.2.14-1.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/postgresql-docs@8.2.14-1.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.13-2.el5s2.i386", product: { name: "httpd-manual-0:2.2.13-2.el5s2.i386", product_id: "httpd-manual-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.13-2.el5s2.i386", product: { name: "httpd-devel-0:2.2.13-2.el5s2.i386", product_id: "httpd-devel-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product_id: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.2.13-2.el5s2.i386", product: { name: "httpd-0:2.2.13-2.el5s2.i386", product_id: "httpd-0:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.13-2.el5s2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.13-2.el5s2.i386", product: { name: "mod_ssl-1:2.2.13-2.el5s2.i386", product_id: "mod_ssl-1:2.2.13-2.el5s2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.13-2.el5s2?arch=i386&epoch=1", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "php-pear-1:1.8.1-2.el5s2.noarch", product: { name: "php-pear-1:1.8.1-2.el5s2.noarch", product_id: "php-pear-1:1.8.1-2.el5s2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/php-pear@1.8.1-2.el5s2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", }, product_reference: "httpd-0:2.2.13-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-debuginfo-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-devel-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-devel-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", }, product_reference: "httpd-manual-0:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", }, product_reference: "httpd-manual-0:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.13-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", }, product_reference: "mod_ssl-1:2.2.13-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.13-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", }, product_reference: "mod_ssl-1:2.2.13-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", }, product_reference: "mysql-0:5.0.84-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-bench-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-bench-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-bench-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-bench-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-cluster-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-cluster-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-cluster-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-cluster-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-debuginfo-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-devel-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-devel-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-devel-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-devel-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-libs-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-libs-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-libs-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-libs-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-server-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-server-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-server-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-server-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-test-0:5.0.84-2.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", }, product_reference: "mysql-test-0:5.0.84-2.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "mysql-test-0:5.0.84-2.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", }, product_reference: "mysql-test-0:5.0.84-2.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", }, product_reference: "perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", }, product_reference: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", }, product_reference: "perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", }, product_reference: "perl-DBI-0:1.609-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", }, product_reference: "perl-DBI-0:1.609-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-0:1.609-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", }, product_reference: "perl-DBI-0:1.609-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", }, product_reference: "perl-DBI-debuginfo-0:1.609-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", }, product_reference: "perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", }, product_reference: "php-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.src", }, product_reference: "php-0:5.2.10-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", }, product_reference: "php-bcmath-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-bcmath-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-cli-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", }, product_reference: "php-cli-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-cli-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-cli-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-common-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", }, product_reference: "php-common-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-common-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-common-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-dba-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", }, product_reference: "php-dba-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-dba-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-dba-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", }, product_reference: "php-debuginfo-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-debuginfo-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", }, product_reference: "php-devel-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-devel-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-gd-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", }, product_reference: "php-gd-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-gd-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-gd-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-imap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-imap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ldap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-ldap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ldap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-ldap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", }, product_reference: "php-mbstring-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-mbstring-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mysql-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", }, product_reference: "php-mysql-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-mysql-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-mysql-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ncurses-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", }, product_reference: "php-ncurses-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-ncurses-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-ncurses-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-odbc-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", }, product_reference: "php-odbc-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-odbc-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-odbc-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pdo-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", }, product_reference: "php-pdo-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pdo-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-pdo-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pear-1:1.8.1-2.el5s2.noarch as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", }, product_reference: "php-pear-1:1.8.1-2.el5s2.noarch", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pear-1:1.8.1-2.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", }, product_reference: "php-pear-1:1.8.1-2.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pgsql-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", }, product_reference: "php-pgsql-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-pgsql-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-pgsql-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-snmp-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", }, product_reference: "php-snmp-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-snmp-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-snmp-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-soap-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", }, product_reference: "php-soap-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-soap-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-soap-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xml-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", }, product_reference: "php-xml-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xml-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-xml-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xmlrpc-0:5.2.10-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", }, product_reference: "php-xmlrpc-0:5.2.10-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", }, product_reference: "php-xmlrpc-0:5.2.10-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", }, product_reference: "postgresql-0:8.2.14-1.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-contrib-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-contrib-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-contrib-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-debuginfo-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-devel-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-devel-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-devel-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-devel-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-docs-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-docs-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-docs-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-docs-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", }, product_reference: "postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", }, product_reference: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", }, product_reference: "postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-libs-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-libs-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-libs-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-libs-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plperl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-plperl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-plperl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plpython-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-plpython-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-plpython-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-pltcl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-python-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-python-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-python-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-python-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-server-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-server-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-server-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-server-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-tcl-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-tcl-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-tcl-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-test-0:8.2.14-1.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", }, product_reference: "postgresql-test-0:8.2.14-1.el5s2.i386", relates_to_product_reference: "5Server-Stacks", }, { category: "default_component_of", full_product_name: { name: "postgresql-test-0:8.2.14-1.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", product_id: "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", }, product_reference: "postgresql-test-0:8.2.14-1.el5s2.x86_64", relates_to_product_reference: "5Server-Stacks", }, ], }, vulnerabilities: [ { cve: "CVE-2008-4456", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "466518", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.", title: "Vulnerability description", }, { category: "summary", text: "mysql: mysql command line client XSS flaw", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-4456", }, { category: "external", summary: "RHBZ#466518", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466518", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-4456", url: "https://www.cve.org/CVERecord?id=CVE-2008-4456", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-4456", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-4456", }, ], release_date: "2008-09-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 1.7, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mysql: mysql command line client XSS flaw", }, { cve: "CVE-2009-2446", discovery_date: "2009-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "511020", }, ], notes: [ { category: "description", text: "Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "MySQL: Format string vulnerability by manipulation with database instances (crash)", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2446\n\nThe Red Hat Product Security has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3 and Red Hat Application Stack 2.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2446", }, { category: "external", summary: "RHBZ#511020", url: "https://bugzilla.redhat.com/show_bug.cgi?id=511020", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2446", url: "https://www.cve.org/CVERecord?id=CVE-2009-2446", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2446", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2446", }, ], release_date: "2009-07-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "MySQL: Format string vulnerability by manipulation with database instances (crash)", }, { cve: "CVE-2009-2687", discovery_date: "2009-06-18T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "506896", }, ], notes: [ { category: "description", text: "The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.", title: "Vulnerability description", }, { category: "summary", text: "php: exif_read_data crash on corrupted JPEG files", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2687", }, { category: "external", summary: "RHBZ#506896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=506896", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2687", url: "https://www.cve.org/CVERecord?id=CVE-2009-2687", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2687", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2687", }, ], release_date: "2009-06-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "php: exif_read_data crash on corrupted JPEG files", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3229", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522092", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by \"re-LOAD-ing\" libraries from a certain plugins directory.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: authenticated user server DoS via plugin re-LOAD-ing", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5.\n\nIn PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash. However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3229", }, { category: "external", summary: "RHBZ#522092", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522092", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3229", url: "https://www.cve.org/CVERecord?id=CVE-2009-3229", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3229", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3229", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "postgresql: authenticated user server DoS via plugin re-LOAD-ing", }, { cve: "CVE-2009-3230", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522085", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3230", }, { category: "external", summary: "RHBZ#522085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3230", url: "https://www.cve.org/CVERecord?id=CVE-2009-3230", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3230", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3230", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600", }, { cve: "CVE-2009-3231", discovery_date: "2009-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522084", }, ], notes: [ { category: "description", text: "The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.", title: "Vulnerability description", }, { category: "summary", text: "postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed", title: "Vulnerability summary", }, { category: "other", text: "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not support LDAP authentication, which was introduced upstream in version 8.2.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3231", }, { category: "external", summary: "RHBZ#522084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3231", url: "https://www.cve.org/CVERecord?id=CVE-2009-3231", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3231", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3231", }, ], release_date: "2009-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-09-23T21:38:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1461", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "5Server-Stacks:httpd-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.src", "5Server-Stacks:httpd-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.13-2.el5s2.x86_64", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.src", "5Server-Stacks:mysql-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-bench-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-cluster-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-debuginfo-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-devel-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-libs-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-server-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.i386", "5Server-Stacks:mysql-test-0:5.0.84-2.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.src", "5Server-Stacks:perl-DBD-MySQL-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.i386", "5Server-Stacks:perl-DBD-MySQL-debuginfo-0:4.012-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.src", "5Server-Stacks:perl-DBI-0:1.609-1.el5s2.x86_64", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.i386", "5Server-Stacks:perl-DBI-debuginfo-0:1.609-1.el5s2.x86_64", "5Server-Stacks:php-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-0:5.2.10-1.el5s2.src", "5Server-Stacks:php-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-bcmath-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-cli-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-common-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-dba-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-debuginfo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-devel-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-gd-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-imap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ldap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mbstring-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-mysql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-ncurses-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-odbc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pdo-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.noarch", "5Server-Stacks:php-pear-1:1.8.1-2.el5s2.src", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-pgsql-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-snmp-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-soap-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xml-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.i386", "5Server-Stacks:php-xmlrpc-0:5.2.10-1.el5s2.x86_64", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.src", "5Server-Stacks:postgresql-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-contrib-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-debuginfo-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-devel-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-docs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.src", "5Server-Stacks:postgresql-jdbc-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.i386", "5Server-Stacks:postgresql-jdbc-debuginfo-0:8.2.510-1jpp.el5s2.x86_64", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-libs-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plperl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-plpython-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-pltcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-python-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-server-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-tcl-0:8.2.14-1.el5s2.x86_64", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.i386", "5Server-Stacks:postgresql-test-0:8.2.14-1.el5s2.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed", }, ], }
RHSA-2009:1580
Vulnerability from csaf_redhat
Published
2009-11-11 22:02
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed before
compression completed. This would cause mod_deflate to consume large
amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1580", url: "https://access.redhat.com/errata/RHSA-2009:1580", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1580.json", }, ], title: "Red Hat Security Advisory: httpd security update", tracking: { current_release_date: "2024-11-22T03:25:40+00:00", generator: { date: "2024-11-22T03:25:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1580", initial_release_date: "2009-11-11T22:02:00+00:00", revision_history: [ { date: "2009-11-11T22:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-11-11T17:05:07+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:25:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AS version 4", product: { name: "Red Hat Enterprise Linux AS version 4", product_id: "4AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::as", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop version 4", product: { name: "Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 4", product: { name: "Red Hat Enterprise Linux ES version 4", product_id: "4ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 4", product: { name: "Red Hat Enterprise Linux WS version 4", product_id: "4WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:4::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product_id: "httpd-suexec-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64", product_id: "httpd-devel-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64", product_id: "httpd-manual-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-0:2.0.52-41.ent.6.ia64", product_id: "httpd-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=ia64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.ia64", product: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64", product_id: "mod_ssl-1:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-devel-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-manual-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product_id: "mod_ssl-1:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.i386", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386", product_id: "httpd-suexec-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.i386", product: { name: "httpd-devel-0:2.0.52-41.ent.6.i386", product_id: "httpd-devel-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.i386", product: { name: "httpd-manual-0:2.0.52-41.ent.6.i386", product_id: "httpd-manual-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.i386", product: { name: "httpd-0:2.0.52-41.ent.6.i386", product_id: "httpd-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.i386", product: { name: "mod_ssl-1:2.0.52-41.ent.6.i386", product_id: "mod_ssl-1:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.src", product: { name: "httpd-0:2.0.52-41.ent.6.src", product_id: "httpd-0:2.0.52-41.ent.6.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product_id: "httpd-suexec-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc", product_id: "httpd-devel-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc", product_id: "httpd-manual-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-0:2.0.52-41.ent.6.ppc", product_id: "httpd-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=ppc", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.ppc", product: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc", product_id: "mod_ssl-1:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product_id: "httpd-suexec-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x", product_id: "httpd-devel-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x", product_id: "httpd-manual-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-0:2.0.52-41.ent.6.s390x", product_id: "httpd-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.s390x", product: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x", product_id: "mod_ssl-1:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-suexec-0:2.0.52-41.ent.6.s390", product: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390", product_id: "httpd-suexec-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-suexec@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.52-41.ent.6.s390", product: { name: "httpd-devel-0:2.0.52-41.ent.6.s390", product_id: "httpd-devel-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-manual-0:2.0.52-41.ent.6.s390", product: { name: "httpd-manual-0:2.0.52-41.ent.6.s390", product_id: "httpd-manual-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "httpd-0:2.0.52-41.ent.6.s390", product: { name: "httpd-0:2.0.52-41.ent.6.s390", product_id: "httpd-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.52-41.ent.6?arch=s390", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.52-41.ent.6.s390", product: { name: "mod_ssl-1:2.0.52-41.ent.6.s390", product_id: "mod_ssl-1:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.52-41.ent.6?arch=s390&epoch=1", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product_id: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.52-41.ent.6?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux AS version 4", product_id: "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", product_id: "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux ES version 4", product_id: "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.src as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.src", }, product_reference: "httpd-0:2.0.52-41.ent.6.src", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-devel-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-manual-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "httpd-suexec-0:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", }, product_reference: "httpd-suexec-0:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.i386 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.i386", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ia64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ia64", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.ppc as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.ppc", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.s390x as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.s390x", relates_to_product_reference: "4WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.52-41.ent.6.x86_64 as a component of Red Hat Enterprise Linux WS version 4", product_id: "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", }, product_reference: "mod_ssl-1:2.0.52-41.ent.6.x86_64", relates_to_product_reference: "4WS", }, ], }, vulnerabilities: [ { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1580", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS:httpd-0:2.0.52-41.ent.6.i386", "4AS:httpd-0:2.0.52-41.ent.6.ia64", "4AS:httpd-0:2.0.52-41.ent.6.ppc", "4AS:httpd-0:2.0.52-41.ent.6.s390", "4AS:httpd-0:2.0.52-41.ent.6.s390x", "4AS:httpd-0:2.0.52-41.ent.6.src", "4AS:httpd-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4AS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-devel-0:2.0.52-41.ent.6.i386", "4AS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4AS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390", "4AS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4AS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-manual-0:2.0.52-41.ent.6.i386", "4AS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4AS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390", "4AS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4AS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4AS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4AS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4AS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4AS:mod_ssl-1:2.0.52-41.ent.6.i386", "4AS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4AS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390", "4AS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4AS:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-0:2.0.52-41.ent.6.src", "4Desktop:httpd-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.i386", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4Desktop:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.i386", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ia64", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.ppc", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.s390x", "4Desktop:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4ES:httpd-0:2.0.52-41.ent.6.i386", "4ES:httpd-0:2.0.52-41.ent.6.ia64", "4ES:httpd-0:2.0.52-41.ent.6.ppc", "4ES:httpd-0:2.0.52-41.ent.6.s390", "4ES:httpd-0:2.0.52-41.ent.6.s390x", "4ES:httpd-0:2.0.52-41.ent.6.src", "4ES:httpd-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4ES:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-devel-0:2.0.52-41.ent.6.i386", "4ES:httpd-devel-0:2.0.52-41.ent.6.ia64", "4ES:httpd-devel-0:2.0.52-41.ent.6.ppc", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390", "4ES:httpd-devel-0:2.0.52-41.ent.6.s390x", "4ES:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-manual-0:2.0.52-41.ent.6.i386", "4ES:httpd-manual-0:2.0.52-41.ent.6.ia64", "4ES:httpd-manual-0:2.0.52-41.ent.6.ppc", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390", "4ES:httpd-manual-0:2.0.52-41.ent.6.s390x", "4ES:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.i386", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4ES:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390", "4ES:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4ES:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4ES:mod_ssl-1:2.0.52-41.ent.6.i386", "4ES:mod_ssl-1:2.0.52-41.ent.6.ia64", "4ES:mod_ssl-1:2.0.52-41.ent.6.ppc", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390", "4ES:mod_ssl-1:2.0.52-41.ent.6.s390x", "4ES:mod_ssl-1:2.0.52-41.ent.6.x86_64", "4WS:httpd-0:2.0.52-41.ent.6.i386", "4WS:httpd-0:2.0.52-41.ent.6.ia64", "4WS:httpd-0:2.0.52-41.ent.6.ppc", "4WS:httpd-0:2.0.52-41.ent.6.s390", "4WS:httpd-0:2.0.52-41.ent.6.s390x", "4WS:httpd-0:2.0.52-41.ent.6.src", "4WS:httpd-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.i386", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ia64", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.ppc", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.s390x", "4WS:httpd-debuginfo-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-devel-0:2.0.52-41.ent.6.i386", "4WS:httpd-devel-0:2.0.52-41.ent.6.ia64", "4WS:httpd-devel-0:2.0.52-41.ent.6.ppc", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390", "4WS:httpd-devel-0:2.0.52-41.ent.6.s390x", "4WS:httpd-devel-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-manual-0:2.0.52-41.ent.6.i386", "4WS:httpd-manual-0:2.0.52-41.ent.6.ia64", "4WS:httpd-manual-0:2.0.52-41.ent.6.ppc", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390", "4WS:httpd-manual-0:2.0.52-41.ent.6.s390x", "4WS:httpd-manual-0:2.0.52-41.ent.6.x86_64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.i386", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ia64", "4WS:httpd-suexec-0:2.0.52-41.ent.6.ppc", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390", "4WS:httpd-suexec-0:2.0.52-41.ent.6.s390x", "4WS:httpd-suexec-0:2.0.52-41.ent.6.x86_64", "4WS:mod_ssl-1:2.0.52-41.ent.6.i386", "4WS:mod_ssl-1:2.0.52-41.ent.6.ia64", "4WS:mod_ssl-1:2.0.52-41.ent.6.ppc", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390", "4WS:mod_ssl-1:2.0.52-41.ent.6.s390x", "4WS:mod_ssl-1:2.0.52-41.ent.6.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
rhsa-2009_1579
Vulnerability from csaf_redhat
Published
2009-11-11 22:00
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 3 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1579", url: "https://access.redhat.com/errata/RHSA-2009:1579", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1579.json", }, ], title: "Red Hat Security Advisory: httpd security update", tracking: { current_release_date: "2024-11-22T03:26:17+00:00", generator: { date: "2024-11-22T03:26:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1579", initial_release_date: "2009-11-11T22:00:00+00:00", revision_history: [ { date: "2009-11-11T22:00:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-11-11T17:05:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:26:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AS version 3", product: { name: "Red Hat Enterprise Linux AS version 3", product_id: "3AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::as", }, }, }, { category: "product_name", name: "Red Hat Desktop version 3", product: { name: "Red Hat Desktop version 3", product_id: "3Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 3", product: { name: "Red Hat Enterprise Linux ES version 3", product_id: "3ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 3", product: { name: "Red Hat Enterprise Linux WS version 3", product_id: "3WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.x86_64", product: { name: "mod_ssl-1:2.0.46-77.ent.x86_64", product_id: "mod_ssl-1:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.x86_64", product: { name: "httpd-devel-0:2.0.46-77.ent.x86_64", product_id: "httpd-devel-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product_id: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.x86_64", product: { name: "httpd-0:2.0.46-77.ent.x86_64", product_id: "httpd-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.i386", product: { name: "mod_ssl-1:2.0.46-77.ent.i386", product_id: "mod_ssl-1:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.i386", product: { name: "httpd-devel-0:2.0.46-77.ent.i386", product_id: "httpd-devel-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.i386", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386", product_id: "httpd-debuginfo-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.i386", product: { name: "httpd-0:2.0.46-77.ent.i386", product_id: "httpd-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.src", product: { name: "httpd-0:2.2.3-31.el5_4.2.src", product_id: "httpd-0:2.2.3-31.el5_4.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.src", product: { name: "httpd-0:2.0.46-77.ent.src", product_id: "httpd-0:2.0.46-77.ent.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.ia64", product: { name: "mod_ssl-1:2.0.46-77.ent.ia64", product_id: "mod_ssl-1:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.ia64", product: { name: "httpd-devel-0:2.0.46-77.ent.ia64", product_id: "httpd-devel-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=ia64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product_id: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.ia64", product: { name: "httpd-0:2.0.46-77.ent.ia64", product_id: "httpd-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.ppc", product: { name: "mod_ssl-1:2.0.46-77.ent.ppc", product_id: "mod_ssl-1:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.ppc", product: { name: "httpd-devel-0:2.0.46-77.ent.ppc", product_id: "httpd-devel-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=ppc", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product_id: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.ppc", product: { name: "httpd-0:2.0.46-77.ent.ppc", product_id: "httpd-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.s390x", product: { name: "mod_ssl-1:2.0.46-77.ent.s390x", product_id: "mod_ssl-1:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.s390x", product: { name: "httpd-devel-0:2.0.46-77.ent.s390x", product_id: "httpd-devel-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=s390x", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product_id: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.s390x", product: { name: "httpd-0:2.0.46-77.ent.s390x", product_id: "httpd-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=s390", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=s390", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.s390", product: { name: "mod_ssl-1:2.0.46-77.ent.s390", product_id: "mod_ssl-1:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=s390&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.s390", product: { name: "httpd-devel-0:2.0.46-77.ent.s390", product_id: "httpd-devel-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=s390", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.s390", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390", product_id: "httpd-debuginfo-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=s390", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.s390", product: { name: "httpd-0:2.0.46-77.ent.s390", product_id: "httpd-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, ], }, vulnerabilities: [ { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
RHSA-2009:1579
Vulnerability from csaf_redhat
Published
2009-11-11 22:00
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 3 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1579", url: "https://access.redhat.com/errata/RHSA-2009:1579", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1579.json", }, ], title: "Red Hat Security Advisory: httpd security update", tracking: { current_release_date: "2024-11-22T03:26:17+00:00", generator: { date: "2024-11-22T03:26:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1579", initial_release_date: "2009-11-11T22:00:00+00:00", revision_history: [ { date: "2009-11-11T22:00:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-11-11T17:05:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:26:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AS version 3", product: { name: "Red Hat Enterprise Linux AS version 3", product_id: "3AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::as", }, }, }, { category: "product_name", name: "Red Hat Desktop version 3", product: { name: "Red Hat Desktop version 3", product_id: "3Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 3", product: { name: "Red Hat Enterprise Linux ES version 3", product_id: "3ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 3", product: { name: "Red Hat Enterprise Linux WS version 3", product_id: "3WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.x86_64", product: { name: "mod_ssl-1:2.0.46-77.ent.x86_64", product_id: "mod_ssl-1:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.x86_64", product: { name: "httpd-devel-0:2.0.46-77.ent.x86_64", product_id: "httpd-devel-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product_id: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.x86_64", product: { name: "httpd-0:2.0.46-77.ent.x86_64", product_id: "httpd-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.i386", product: { name: "mod_ssl-1:2.0.46-77.ent.i386", product_id: "mod_ssl-1:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.i386", product: { name: "httpd-devel-0:2.0.46-77.ent.i386", product_id: "httpd-devel-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.i386", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386", product_id: "httpd-debuginfo-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.i386", product: { name: "httpd-0:2.0.46-77.ent.i386", product_id: "httpd-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.src", product: { name: "httpd-0:2.2.3-31.el5_4.2.src", product_id: "httpd-0:2.2.3-31.el5_4.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.src", product: { name: "httpd-0:2.0.46-77.ent.src", product_id: "httpd-0:2.0.46-77.ent.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.ia64", product: { name: "mod_ssl-1:2.0.46-77.ent.ia64", product_id: "mod_ssl-1:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.ia64", product: { name: "httpd-devel-0:2.0.46-77.ent.ia64", product_id: "httpd-devel-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=ia64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product_id: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.ia64", product: { name: "httpd-0:2.0.46-77.ent.ia64", product_id: "httpd-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.ppc", product: { name: "mod_ssl-1:2.0.46-77.ent.ppc", product_id: "mod_ssl-1:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.ppc", product: { name: "httpd-devel-0:2.0.46-77.ent.ppc", product_id: "httpd-devel-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=ppc", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product_id: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.ppc", product: { name: "httpd-0:2.0.46-77.ent.ppc", product_id: "httpd-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.s390x", product: { name: "mod_ssl-1:2.0.46-77.ent.s390x", product_id: "mod_ssl-1:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.s390x", product: { name: "httpd-devel-0:2.0.46-77.ent.s390x", product_id: "httpd-devel-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=s390x", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product_id: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.s390x", product: { name: "httpd-0:2.0.46-77.ent.s390x", product_id: "httpd-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=s390", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=s390", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.s390", product: { name: "mod_ssl-1:2.0.46-77.ent.s390", product_id: "mod_ssl-1:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=s390&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.s390", product: { name: "httpd-devel-0:2.0.46-77.ent.s390", product_id: "httpd-devel-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=s390", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.s390", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390", product_id: "httpd-debuginfo-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=s390", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.s390", product: { name: "httpd-0:2.0.46-77.ent.s390", product_id: "httpd-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, ], }, vulnerabilities: [ { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
rhsa-2010:0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0602", url: "https://access.redhat.com/errata/RHSA-2010:0602", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#moderate", url: "http://www.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", url: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", }, { category: "external", summary: "200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json", }, ], title: "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update", tracking: { current_release_date: "2024-12-15T18:14:44+00:00", generator: { date: "2024-12-15T18:14:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2010:0602", initial_release_date: "2010-08-04T21:30:00+00:00", revision_history: [ { date: "2010-08-04T21:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-08-05T10:04:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-15T18:14:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Certificate System 7.3 for 4AS", product: { name: "Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, { category: "product_name", name: "Red Hat Certificate System 7.3 for 4ES", product: { name: "Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, ], category: "product_family", name: "Red Hat Certificate System", }, { branches: [ { category: "product_version", name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.noarch", product: { name: "ant-0:1.6.5-1jpp_1rh.noarch", product_id: "ant-0:1.6.5-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_id: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.noarch", product: { name: "axis-0:1.2.1-1jpp_3rh.noarch", product_id: "axis-0:1.2.1-1jpp_3rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.noarch", product: { name: "log4j-0:1.2.12-1jpp_1rh.noarch", product_id: "log4j-0:1.2.12-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_id: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-manage-0:7.3.0-19.el4.noarch", product: { name: "rhpki-manage-0:7.3.0-19.el4.noarch", product_id: "rhpki-manage-0:7.3.0-19.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ca-0:7.3.0-20.el4.noarch", product: { name: "rhpki-ca-0:7.3.0-20.el4.noarch", product_id: "rhpki-ca-0:7.3.0-20.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-kra-0:7.3.0-14.el4.noarch", product: { name: "rhpki-kra-0:7.3.0-14.el4.noarch", product_id: "rhpki-kra-0:7.3.0-14.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-tks-0:7.3.0-13.el4.noarch", product: { name: "rhpki-tks-0:7.3.0-13.el4.noarch", product_id: "rhpki-tks-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_id: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_id: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.src", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.src", product_id: "xml-commons-0:1.3.02-2jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.src", product: { name: "ant-0:1.6.5-1jpp_1rh.src", product_id: "ant-0:1.6.5-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.src", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.src", product_id: "avalon-logkit-0:1.2-2jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.src", product: { name: "axis-0:1.2.1-1jpp_3rh.src", product_id: "axis-0:1.2.1-1jpp_3rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.src", product: { name: "log4j-0:1.2.12-1jpp_1rh.src", product_id: "log4j-0:1.2.12-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.src", product: { name: "mx4j-1:3.0.1-1jpp_4rh.src", product_id: "mx4j-1:3.0.1-1jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.src", product: { name: "pcsc-lite-0:1.3.3-3.el4.src", product_id: "pcsc-lite-0:1.3.3-3.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_id: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_id: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2090", discovery_date: "2005-06-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237079", }, ], notes: [ { category: "description", text: "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", title: "Vulnerability description", }, { category: "summary", text: "tomcat multiple content-length header poisioning", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2090", }, { category: "external", summary: "RHBZ#237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2090", url: "https://www.cve.org/CVERecord?id=CVE-2005-2090", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", }, ], release_date: "2005-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat multiple content-length header poisioning", }, { cve: "CVE-2005-3510", discovery_date: "2005-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237085", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", title: "Vulnerability description", }, { category: "summary", text: "tomcat DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-3510", }, { category: "external", summary: "RHBZ#237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-3510", url: "https://www.cve.org/CVERecord?id=CVE-2005-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", }, ], release_date: "2005-11-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat DoS", }, { cve: "CVE-2006-3835", discovery_date: "2006-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237084", }, ], notes: [ { category: "description", text: "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory listing issue", title: "Vulnerability summary", }, { category: "other", text: "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3835", }, { category: "external", summary: "RHBZ#237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3835", url: "https://www.cve.org/CVERecord?id=CVE-2006-3835", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", }, ], release_date: "2006-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat directory listing issue", }, { cve: "CVE-2006-3918", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-07-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "200732", }, ], notes: [ { category: "description", text: "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Expect header XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3918", }, { category: "external", summary: "RHBZ#200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3918", url: "https://www.cve.org/CVERecord?id=CVE-2006-3918", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", }, ], release_date: "2006-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Expect header XSS", }, { cve: "CVE-2006-5752", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-06-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245112", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_status XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-5752", }, { category: "external", summary: "RHBZ#245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-5752", url: "https://www.cve.org/CVERecord?id=CVE-2006-5752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", }, ], release_date: "2007-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_status XSS", }, { cve: "CVE-2007-0450", discovery_date: "2007-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237080", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory traversal", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-0450", }, { category: "external", summary: "RHBZ#237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-0450", url: "https://www.cve.org/CVERecord?id=CVE-2007-0450", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", }, ], release_date: "2007-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat directory traversal", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-1863", discovery_date: "2007-05-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244658", }, ], notes: [ { category: "description", text: "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_cache segfault", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1863", }, { category: "external", summary: "RHBZ#244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1863", url: "https://www.cve.org/CVERecord?id=CVE-2007-1863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", }, ], release_date: "2007-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_cache segfault", }, { cve: "CVE-2007-3304", discovery_date: "2007-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245111", }, ], notes: [ { category: "description", text: "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", title: "Vulnerability description", }, { category: "summary", text: "httpd scoreboard lack of PID protection", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3304", }, { category: "external", summary: "RHBZ#245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3304", url: "https://www.cve.org/CVERecord?id=CVE-2007-3304", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", }, ], release_date: "2007-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd scoreboard lack of PID protection", }, { cve: "CVE-2007-3382", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247972", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookies", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3382", }, { category: "external", summary: "RHBZ#247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3382", url: "https://www.cve.org/CVERecord?id=CVE-2007-3382", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookies", }, { cve: "CVE-2007-3385", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247976", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookie values", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3385", }, { category: "external", summary: "RHBZ#247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3385", url: "https://www.cve.org/CVERecord?id=CVE-2007-3385", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookie values", }, { cve: "CVE-2007-3847", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2007-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "250731", }, ], notes: [ { category: "description", text: "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", title: "Vulnerability description", }, { category: "summary", text: "httpd: out of bounds read", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3847", }, { category: "external", summary: "RHBZ#250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3847", url: "https://www.cve.org/CVERecord?id=CVE-2007-3847", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", }, ], release_date: "2007-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: out of bounds read", }, { cve: "CVE-2007-4465", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-09-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "289511", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", title: "Vulnerability description", }, { category: "summary", text: "mod_autoindex XSS", title: "Vulnerability summary", }, { category: "other", text: "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-4465", }, { category: "external", summary: "RHBZ#289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-4465", url: "https://www.cve.org/CVERecord?id=CVE-2007-4465", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", }, ], release_date: "2007-09-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_autoindex XSS", }, { cve: "CVE-2007-5000", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "419931", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_imagemap XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5000", }, { category: "external", summary: "RHBZ#419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5000", url: "https://www.cve.org/CVERecord?id=CVE-2007-5000", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", }, ], release_date: "2007-12-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_imagemap XSS", }, { acknowledgments: [ { names: [ "Tavis Ormandy", "Will Drewry", ], }, ], cve: "CVE-2007-5116", discovery_date: "2007-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "323571", }, ], notes: [ { category: "description", text: "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", title: "Vulnerability description", }, { category: "summary", text: "perl regular expression UTF parsing errors", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5116", }, { category: "external", summary: "RHBZ#323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5116", url: "https://www.cve.org/CVERecord?id=CVE-2007-5116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", }, ], release_date: "2007-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl regular expression UTF parsing errors", }, { cve: "CVE-2007-5333", discovery_date: "2008-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427766", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", title: "Vulnerability description", }, { category: "summary", text: "Improve cookie parsing for tomcat5", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5333", }, { category: "external", summary: "RHBZ#427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5333", url: "https://www.cve.org/CVERecord?id=CVE-2007-5333", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", }, ], release_date: "2008-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Improve cookie parsing for tomcat5", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6388", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427228", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "apache mod_status cross-site scripting", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6388", }, { category: "external", summary: "RHBZ#427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6388", url: "https://www.cve.org/CVERecord?id=CVE-2007-6388", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", }, ], release_date: "2007-12-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache mod_status cross-site scripting", }, { cve: "CVE-2008-0005", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427739", }, ], notes: [ { category: "description", text: "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", title: "Vulnerability description", }, { category: "summary", text: "mod_proxy_ftp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0005", }, { category: "external", summary: "RHBZ#427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0005", url: "https://www.cve.org/CVERecord?id=CVE-2008-0005", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", }, ], release_date: "2008-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_proxy_ftp XSS", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1927", discovery_date: "2008-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "443928", }, ], notes: [ { category: "description", text: "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.", title: "Vulnerability description", }, { category: "summary", text: "perl: heap corruption by regular expressions with utf8 characters", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1927", }, { category: "external", summary: "RHBZ#443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1927", url: "https://www.cve.org/CVERecord?id=CVE-2008-1927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", }, ], release_date: "2007-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl: heap corruption by regular expressions with utf8 characters", }, { cve: "CVE-2008-2364", discovery_date: "2008-05-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "451615", }, ], notes: [ { category: "description", text: "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2364", }, { category: "external", summary: "RHBZ#451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2364", url: "https://www.cve.org/CVERecord?id=CVE-2008-2364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", }, ], release_date: "2008-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2939", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "458250", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp globbing XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2939", }, { category: "external", summary: "RHBZ#458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2939", url: "https://www.cve.org/CVERecord?id=CVE-2008-2939", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", }, ], release_date: "2008-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp globbing XSS", }, { cve: "CVE-2008-5515", discovery_date: "2009-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504753", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", title: "Vulnerability description", }, { category: "summary", text: "tomcat request dispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-5515", }, { category: "external", summary: "RHBZ#504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-5515", url: "https://www.cve.org/CVERecord?id=CVE-2008-5515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", }, ], release_date: "2009-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat request dispatcher information disclosure vulnerability", }, { cve: "CVE-2009-0023", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503928", }, ], notes: [ { category: "description", text: "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", title: "Vulnerability description", }, { category: "summary", text: "apr-util heap buffer underwrite", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0023", }, { category: "external", summary: "RHBZ#503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0023", url: "https://www.cve.org/CVERecord?id=CVE-2009-0023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util heap buffer underwrite", }, { cve: "CVE-2009-0033", discovery_date: "2009-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "493381", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Denial-Of-Service with AJP connection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0033", }, { category: "external", summary: "RHBZ#493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0033", url: "https://www.cve.org/CVERecord?id=CVE-2009-0033", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat6 Denial-Of-Service with AJP connection", }, { cve: "CVE-2009-0580", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503978", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Information disclosure in authentication classes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0580", }, { category: "external", summary: "RHBZ#503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0580", url: "https://www.cve.org/CVERecord?id=CVE-2009-0580", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat6 Information disclosure in authentication classes", }, { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-1955", discovery_date: "2009-06-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504555", }, ], notes: [ { category: "description", text: "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", title: "Vulnerability description", }, { category: "summary", text: "apr-util billion laughs attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1955", }, { category: "external", summary: "RHBZ#504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1955", url: "https://www.cve.org/CVERecord?id=CVE-2009-1955", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", }, ], release_date: "2009-06-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util billion laughs attack", }, { cve: "CVE-2009-1956", discovery_date: "2009-06-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504390", }, ], notes: [ { category: "description", text: "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", title: "Vulnerability description", }, { category: "summary", text: "apr-util single NULL byte buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1956", }, { category: "external", summary: "RHBZ#504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1956", url: "https://www.cve.org/CVERecord?id=CVE-2009-1956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", }, ], release_date: "2009-04-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util single NULL byte buffer overflow", }, { cve: "CVE-2009-2412", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2009-07-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "515698", }, ], notes: [ { category: "description", text: "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2412", }, { category: "external", summary: "RHBZ#515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2412", url: "https://www.cve.org/CVERecord?id=CVE-2009-2412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", }, ], release_date: "2009-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-4901", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-4901", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-4901", url: "https://www.cve.org/CVERecord?id=CVE-2009-4901", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0407", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0407", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0407", url: "https://www.cve.org/CVERecord?id=CVE-2010-0407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0434", discovery_date: "2010-03-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "570171", }, ], notes: [ { category: "description", text: "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", title: "Vulnerability description", }, { category: "summary", text: "httpd: request header information leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0434", }, { category: "external", summary: "RHBZ#570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0434", url: "https://www.cve.org/CVERecord?id=CVE-2010-0434", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", }, ], release_date: "2009-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: request header information leak", }, ], }
rhsa-2009:1579
Vulnerability from csaf_redhat
Published
2009-11-11 22:00
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491
A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)
A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 3 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update partially mitigates this flaw for SSL\nsessions to HTTP servers using mod_ssl by rejecting client-requested\nrenegotiation. (CVE-2009-3555)\n\nNote: This update does not fully resolve the issue for HTTPS servers. An\nattack is still possible in configurations that require a server-initiated\nrenegotiation. Refer to the following Knowledgebase article for further\ninformation: http://kbase.redhat.com/faq/docs/DOC-20491\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2009:1579", url: "https://access.redhat.com/errata/RHSA-2009:1579", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://kbase.redhat.com/faq/docs/DOC-20491", url: "http://kbase.redhat.com/faq/docs/DOC-20491", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1579.json", }, ], title: "Red Hat Security Advisory: httpd security update", tracking: { current_release_date: "2024-11-22T03:26:17+00:00", generator: { date: "2024-11-22T03:26:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2009:1579", initial_release_date: "2009-11-11T22:00:00+00:00", revision_history: [ { date: "2009-11-11T22:00:00+00:00", number: "1", summary: "Initial version", }, { date: "2009-11-11T17:05:48+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T03:26:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux AS version 3", product: { name: "Red Hat Enterprise Linux AS version 3", product_id: "3AS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::as", }, }, }, { category: "product_name", name: "Red Hat Desktop version 3", product: { name: "Red Hat Desktop version 3", product_id: "3Desktop", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::desktop", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux ES version 3", product: { name: "Red Hat Enterprise Linux ES version 3", product_id: "3ES", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::es", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux WS version 3", product: { name: "Red Hat Enterprise Linux WS version 3", product_id: "3WS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:3::ws", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.x86_64", product: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64", product_id: "httpd-0:2.2.3-31.el5_4.2.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=x86_64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.x86_64", product: { name: "mod_ssl-1:2.0.46-77.ent.x86_64", product_id: "mod_ssl-1:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.x86_64", product: { name: "httpd-devel-0:2.0.46-77.ent.x86_64", product_id: "httpd-devel-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product_id: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=x86_64", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.x86_64", product: { name: "httpd-0:2.0.46-77.ent.x86_64", product_id: "httpd-0:2.0.46-77.ent.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.i386", product: { name: "httpd-0:2.2.3-31.el5_4.2.i386", product_id: "httpd-0:2.2.3-31.el5_4.2.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=i386", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.i386", product: { name: "mod_ssl-1:2.0.46-77.ent.i386", product_id: "mod_ssl-1:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=i386&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.i386", product: { name: "httpd-devel-0:2.0.46-77.ent.i386", product_id: "httpd-devel-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=i386", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.i386", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386", product_id: "httpd-debuginfo-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=i386", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.i386", product: { name: "httpd-0:2.0.46-77.ent.i386", product_id: "httpd-0:2.0.46-77.ent.i386", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.src", product: { name: "httpd-0:2.2.3-31.el5_4.2.src", product_id: "httpd-0:2.2.3-31.el5_4.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=src", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.src", product: { name: "httpd-0:2.0.46-77.ent.src", product_id: "httpd-0:2.0.46-77.ent.src", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ia64", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.ia64", product: { name: "mod_ssl-1:2.0.46-77.ent.ia64", product_id: "mod_ssl-1:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=ia64&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.ia64", product: { name: "httpd-devel-0:2.0.46-77.ent.ia64", product_id: "httpd-devel-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=ia64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product_id: "httpd-debuginfo-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=ia64", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.ia64", product: { name: "httpd-0:2.0.46-77.ent.ia64", product_id: "httpd-0:2.0.46-77.ent.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ppc", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.ppc", product: { name: "mod_ssl-1:2.0.46-77.ent.ppc", product_id: "mod_ssl-1:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=ppc&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.ppc", product: { name: "httpd-devel-0:2.0.46-77.ent.ppc", product_id: "httpd-devel-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=ppc", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product_id: "httpd-debuginfo-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=ppc", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.ppc", product: { name: "httpd-0:2.0.46-77.ent.ppc", product_id: "httpd-0:2.0.46-77.ent.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=ppc64", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product_id: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.2.3-31.el5_4.2?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-manual@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=s390x", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.s390x", product: { name: "mod_ssl-1:2.0.46-77.ent.s390x", product_id: "mod_ssl-1:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=s390x&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.s390x", product: { name: "httpd-devel-0:2.0.46-77.ent.s390x", product_id: "httpd-devel-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=s390x", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product_id: "httpd-debuginfo-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=s390x", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.s390x", product: { name: "httpd-0:2.0.46-77.ent.s390x", product_id: "httpd-0:2.0.46-77.ent.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product_id: "httpd-devel-0:2.2.3-31.el5_4.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.2.3-31.el5_4.2?arch=s390", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product_id: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.2.3-31.el5_4.2?arch=s390", }, }, }, { category: "product_version", name: "mod_ssl-1:2.0.46-77.ent.s390", product: { name: "mod_ssl-1:2.0.46-77.ent.s390", product_id: "mod_ssl-1:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_ssl@2.0.46-77.ent?arch=s390&epoch=1", }, }, }, { category: "product_version", name: "httpd-devel-0:2.0.46-77.ent.s390", product: { name: "httpd-devel-0:2.0.46-77.ent.s390", product_id: "httpd-devel-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-devel@2.0.46-77.ent?arch=s390", }, }, }, { category: "product_version", name: "httpd-debuginfo-0:2.0.46-77.ent.s390", product: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390", product_id: "httpd-debuginfo-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd-debuginfo@2.0.46-77.ent?arch=s390", }, }, }, { category: "product_version", name: "httpd-0:2.0.46-77.ent.s390", product: { name: "httpd-0:2.0.46-77.ent.s390", product_id: "httpd-0:2.0.46-77.ent.s390", product_identification_helper: { purl: "pkg:rpm/redhat/httpd@2.0.46-77.ent?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", product_id: "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3AS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Desktop version 3", product_id: "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3Desktop", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", product_id: "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3ES", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.i386", }, product_reference: "httpd-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.s390", }, product_reference: "httpd-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.src as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.src", }, product_reference: "httpd-0:2.0.46-77.ent.src", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-debuginfo-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.i386", }, product_reference: "httpd-devel-0:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.ia64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.ppc", }, product_reference: "httpd-devel-0:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.s390", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.s390x", }, product_reference: "httpd-devel-0:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", }, product_reference: "httpd-devel-0:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.i386", }, product_reference: "mod_ssl-1:2.0.46-77.ent.i386", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.ia64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ia64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.ppc", }, product_reference: "mod_ssl-1:2.0.46-77.ent.ppc", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.s390", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.s390x", }, product_reference: "mod_ssl-1:2.0.46-77.ent.s390x", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.0.46-77.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", product_id: "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", }, product_reference: "mod_ssl-1:2.0.46-77.ent.x86_64", relates_to_product_reference: "3WS", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.src", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.src", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-devel-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", }, product_reference: "httpd-manual-0:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", }, product_reference: "mod_ssl-1:2.2.3-31.el5_4.2.x86_64", relates_to_product_reference: "5Server", }, ], }, vulnerabilities: [ { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-3555", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, discovery_date: "2009-10-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "533125", }, ], notes: [ { category: "description", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "Vulnerability description", }, { category: "summary", text: "TLS: MITM attacks via session renegotiation", title: "Vulnerability summary", }, { category: "other", text: "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "RHBZ#533125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=533125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3555", url: "https://www.cve.org/CVERecord?id=CVE-2009-3555", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", }, ], release_date: "2009-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2009-11-11T22:00:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2009:1579", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "3AS:httpd-0:2.0.46-77.ent.i386", "3AS:httpd-0:2.0.46-77.ent.ia64", "3AS:httpd-0:2.0.46-77.ent.ppc", "3AS:httpd-0:2.0.46-77.ent.s390", "3AS:httpd-0:2.0.46-77.ent.s390x", "3AS:httpd-0:2.0.46-77.ent.src", "3AS:httpd-0:2.0.46-77.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3AS:httpd-devel-0:2.0.46-77.ent.i386", "3AS:httpd-devel-0:2.0.46-77.ent.ia64", "3AS:httpd-devel-0:2.0.46-77.ent.ppc", "3AS:httpd-devel-0:2.0.46-77.ent.s390", "3AS:httpd-devel-0:2.0.46-77.ent.s390x", "3AS:httpd-devel-0:2.0.46-77.ent.x86_64", "3AS:mod_ssl-1:2.0.46-77.ent.i386", "3AS:mod_ssl-1:2.0.46-77.ent.ia64", "3AS:mod_ssl-1:2.0.46-77.ent.ppc", "3AS:mod_ssl-1:2.0.46-77.ent.s390", "3AS:mod_ssl-1:2.0.46-77.ent.s390x", "3AS:mod_ssl-1:2.0.46-77.ent.x86_64", "3Desktop:httpd-0:2.0.46-77.ent.i386", "3Desktop:httpd-0:2.0.46-77.ent.ia64", "3Desktop:httpd-0:2.0.46-77.ent.ppc", "3Desktop:httpd-0:2.0.46-77.ent.s390", "3Desktop:httpd-0:2.0.46-77.ent.s390x", "3Desktop:httpd-0:2.0.46-77.ent.src", "3Desktop:httpd-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-77.ent.i386", "3Desktop:httpd-devel-0:2.0.46-77.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-77.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390", "3Desktop:httpd-devel-0:2.0.46-77.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-77.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-77.ent.i386", "3Desktop:mod_ssl-1:2.0.46-77.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-77.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390", "3Desktop:mod_ssl-1:2.0.46-77.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-77.ent.x86_64", "3ES:httpd-0:2.0.46-77.ent.i386", "3ES:httpd-0:2.0.46-77.ent.ia64", "3ES:httpd-0:2.0.46-77.ent.ppc", "3ES:httpd-0:2.0.46-77.ent.s390", "3ES:httpd-0:2.0.46-77.ent.s390x", "3ES:httpd-0:2.0.46-77.ent.src", "3ES:httpd-0:2.0.46-77.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3ES:httpd-devel-0:2.0.46-77.ent.i386", "3ES:httpd-devel-0:2.0.46-77.ent.ia64", "3ES:httpd-devel-0:2.0.46-77.ent.ppc", "3ES:httpd-devel-0:2.0.46-77.ent.s390", "3ES:httpd-devel-0:2.0.46-77.ent.s390x", "3ES:httpd-devel-0:2.0.46-77.ent.x86_64", "3ES:mod_ssl-1:2.0.46-77.ent.i386", "3ES:mod_ssl-1:2.0.46-77.ent.ia64", "3ES:mod_ssl-1:2.0.46-77.ent.ppc", "3ES:mod_ssl-1:2.0.46-77.ent.s390", "3ES:mod_ssl-1:2.0.46-77.ent.s390x", "3ES:mod_ssl-1:2.0.46-77.ent.x86_64", "3WS:httpd-0:2.0.46-77.ent.i386", "3WS:httpd-0:2.0.46-77.ent.ia64", "3WS:httpd-0:2.0.46-77.ent.ppc", "3WS:httpd-0:2.0.46-77.ent.s390", "3WS:httpd-0:2.0.46-77.ent.s390x", "3WS:httpd-0:2.0.46-77.ent.src", "3WS:httpd-0:2.0.46-77.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-77.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-77.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-77.ent.x86_64", "3WS:httpd-devel-0:2.0.46-77.ent.i386", "3WS:httpd-devel-0:2.0.46-77.ent.ia64", "3WS:httpd-devel-0:2.0.46-77.ent.ppc", "3WS:httpd-devel-0:2.0.46-77.ent.s390", "3WS:httpd-devel-0:2.0.46-77.ent.s390x", "3WS:httpd-devel-0:2.0.46-77.ent.x86_64", "3WS:mod_ssl-1:2.0.46-77.ent.i386", "3WS:mod_ssl-1:2.0.46-77.ent.ia64", "3WS:mod_ssl-1:2.0.46-77.ent.ppc", "3WS:mod_ssl-1:2.0.46-77.ent.s390", "3WS:mod_ssl-1:2.0.46-77.ent.s390x", "3WS:mod_ssl-1:2.0.46-77.ent.x86_64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.src", "5Client-Workstation:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-0:2.2.3-31.el5_4.2.src", "5Client:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Client:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Client:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-0:2.2.3-31.el5_4.2.src", "5Server:httpd-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-debuginfo-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.ppc64", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-devel-0:2.2.3-31.el5_4.2.x86_64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.i386", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ia64", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.ppc", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.s390x", "5Server:httpd-manual-0:2.2.3-31.el5_4.2.x86_64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.i386", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ia64", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.ppc", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.s390x", "5Server:mod_ssl-1:2.2.3-31.el5_4.2.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "TLS: MITM attacks via session renegotiation", }, ], }
var-200909-0801
Vulnerability from variot
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. The Apache 'mod_proxy_ftp' module is prone to a denial-of-service vulnerability because of a NULL-pointer dereference. Successful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. =========================================================== Ubuntu Security Notice USN-860-1 November 19, 2009 apache2 vulnerabilities CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.9
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.14
Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.5
Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.5
Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. (CVE-2009-3555)
It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. (CVE-2009-3094)
Another flaw was discovered in mod_proxy_ftp. (CVE-2009-3095)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz
Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc
Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb
Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 834492 818915da9848657833480b1ead6b4a12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 224594 85a4480344a072868758c466f6a98747
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229128 446b52088b9744fb776e53155403a474
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 142730 d43356422176ca29440f3e0572678093
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 269070 bf585dec777b0306cd80663c11b020df
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz
Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc
Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 141660 958585d6391847cd5a618464054f7d37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 206386 06402188459de8dab5279b5bfef768fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 233152 1165607c64c57c84212b6b106254e885
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 143838 28e9c3811feeac70b846279e82c23430
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz
Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc
Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 209550 496d387e315370c0cd83489db663a356
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 778564 ffd7752394933004094c13b00113b263
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 208528 6672fb116e108687669c89197732fbb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 261510 d3e1155682726cc28859156e647d97b3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 84558 68452b686e89320007e9c5367ce36345
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 926240 8282583e86e84bd256959540f39a515d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 241280 1eea25472875056e34cd2c3283c60171
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246024 5709e7421814ecfb83fff5804d429971
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz
Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc
Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 258414 8ef063026de9790bac1965427ce1b584
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 213294 09701d434bd102e4205e551b4525afd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 87818 670c62615e107920c45893b3377ab2a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 244914 955bb5121da808d44aa994386d90723f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 214286 a378e2e0418631cec0f398379a446172
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz
Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc
Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz
Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2336 009d381342b0be5280835a46c91f01d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2314 17719223d92d46821098ce178b5947d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 155166 4347806710edff47fc051b4a68d5b448
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 90316 add7f446f6b524343c0066a486dd299a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2
. Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).
Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).
Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).
Packages for 2008.0 are being provided due to extended support for Corporate products.
This update provides a solution to these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
Updated Packages:
Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1934-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch November 16, 2009 http://www.debian.org/security/faq
Package : apache2 Vulnerability : multiple issues Problem type : remote Debian-specific: no CVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555
A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability.
As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use.
NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate):
-
- The "SSLVerifyClient" directive is used in a Directory or Location context.
-
- The "SSLCipherSuite" directive is used in a Directory or Location context.
As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level.
A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue.
CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server.
For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release (Debian 5.0.4).
The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed in version 2.2.14-2.
This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages.
Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available.
We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch (oldstable)
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc Size/MD5 checksum: 1071 dff8f31d88ede35bb87f92743d2db202 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz Size/MD5 checksum: 124890 c9b197b2a4bade4e92f3c65b88eea614
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb Size/MD5 checksum: 2247064 357f2daba8360eaf00b0157326c4d258 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb Size/MD5 checksum: 6668542 043a6a14dc48aae5fa8101715f4ddf81 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb Size/MD5 checksum: 41626 27661a99c55641d534a5ffe4ea828c4b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb Size/MD5 checksum: 275872 8ff0ac120a46e235a9253df6be09e4d5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 346016 02b337e48ef627e13d79ad3919bc380d http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 407682 f01d7e23f206baed1e42c60e15fe240f http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 1017408 1c8dccbed0a309ed0b74b83667f1d587 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 449704 b227ff8c9bceaa81488fec48b81f18f6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 450266 766ba095925ee31c175716084f41b3cf http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 444898 3b1d9a9531c82872d36ce295d6cba581 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 407030 eedabbc4930b3c14012f57ec7956847b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb Size/MD5 checksum: 184920 2d152290678598aeacd32564c2ec37c2
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 409010 15d5dda7eb1e9e8d406cd9ff4b25e60f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 408330 0bf271280295146f4ded8c02335e8fc1 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 1000068 f92b3deafb9ce263d0d66b753231a003 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 436268 9ef6b02f0ecf9905c14114a464c86f80 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 432320 b734b0c2f1d2177a828cff7d8e34d17c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 342152 ef061f914027b41b788a31758d7c4e96 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 436766 deb97a3637ae8be3e016e37c038bc470 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb Size/MD5 checksum: 172802 0550f661c804ef0c0ec31e1928f5f97d
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 421056 b55b215aee8398e6388a73b421229db7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 408940 8782732ef6487ef268abf2856ec5e2c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 408140 f3627e52eaf7a011a5a624ea25fa058b http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 968448 ac1354c562e7969e47561f4cba3a859b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874
Debian GNU/Linux 5.0 alias lenny (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 84022 f603a1c369bbc7d05efe1ad99325e020 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 153048 0568fcb47c9cad398c7fd7abe2276828 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 82214 f27d31e710ba6640471c47a6fc240aad http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 246406 f18257777ba62d65ceb3aa4842415c74 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 241578 e71e710d7889e79b85e4c20b539a4d26 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 211730 a9913999aac5559db1e75835d87a2efd http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 896810 e8e2d9459750e5d9be76c00923a25696 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 245816 6a876fb502903c7bfcb5a4b8dad71a7a http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 213028 f072f0ca44edc122c1b3e1da847f1c8c http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb Size/MD5 checksum: 183316 41a32b0fd061c4f2afbd740af5e8325a http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 2385020 366e6e9bd1dec0ba6a784813785f13d3
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 82366 ab10d1ab26c914777c5296fe9ccfe027 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 241326 2ee9101bf92fcac69249094b3ca11e2a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 240776 43a654cf0439fc97997a57baec5e2995 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 84104 f73a1bff0a8a4426e63803c4e5c67c60 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 783440 053ba7ef4fbb56547200c32c35ac8a0e http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 143414 c20c10a3eadac1c494a5750888875800 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 237396 06841f14531fab0adb92177af849c8be http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 211420 69c67bd0052c70322924b901ba5f5428 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 2324892 87c51cc1fb8ae2532adcfa601a7b5af4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 212726 11b86a68880fa98a130e449dec0fbbcc http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb Size/MD5 checksum: 179396 4ae5716372fe19991b0d8a4cc751d45f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 162732 0a9a153e3703f9dbd33e325d67373bce http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb Size/MD5 checksum: 247068 39445ee73d2076bfa589a5840a3d6024 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 1036624 80b366704dc888c2bea8d84c316faf33 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 208668 c2b06d3c767fa737fbf5e1c3d50d001c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 311692 77ff8879c2853c4b33903299ec3120c8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 312616 1c20b667ebbd43b0ee1b01cd1cdd991d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 83920 a383c7aef1758f963c019793af7b5f92 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 2317952 803f0b941814cbbc49f4e37bc3b9ca95 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 209700 59ab45d2c7c2168a941ff2fc842268e1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 304670 067ece69f8b9518f9b18cd948c4df971 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 85802 9294d252435e8026d6135bf8efdfaf46
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 2465158 a36366e07810785cd1f2dc3b020d3486 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 780460 a5daeb91029f3b027a810ee22456ebd3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 233408 ec9001ee4c996d0b14a9e67d9ce380ec http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 82082 1fc55f0526e3bf90c2156364055a1627 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb Size/MD5 checksum: 171444 789208a77578e49ebca9be904c99aff3 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 83688 8612d0c31dee19c557723b08354c20d7 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 149712 ac8ddf3ab4a3b0fb255adbc588e57305 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 209718 8af3815f7794f4e60d72ba52d3bd19c4 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 229494 c2ef345862009f2a2b979205fec22567 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 208698 246c0001aaa98be577f6c5f004330285 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 233980 ce7b3760443a98b0ddc0607a7a9842bf
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 228110 e45b1c3294102e26eee671b860f4aabc http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 208710 1403636fff03ab43353cdffdef62ffd7 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 83708 9b1c257025920f6dd0a7a2b231c97141 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 209740 546504d6f0a2a449e9bcd618f4700ce5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 82128 31209b35ecb423f2d88347df6c08eddb http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 2420074 b57ff2a01ee7f29d0dcba4214dc7fc21 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 232140 3dfff4c54077cb221e19533f19538834 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 778974 d9d0084ea48aaa56d2f99c632711d084 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb Size/MD5 checksum: 169470 f04a239ba4f1d6ae4ff8ce0960f784fd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 232796 8ced513dc28d7165fd76076803b98188 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 150024 c2a66c2c63eeb66df98b136cceadc780
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 84570 b43f074242385089dda2aae2e9ae1595 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 915976 723f3349b829894595b913099f06ecc2 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 257408 c4bab781417526a0dfdb2240ab2fef07 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 2495210 6fb817120bcb095006fd09d2318f28ee http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb Size/MD5 checksum: 195192 6b4d950e48c6cdfd00d403e42b719b40 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 208684 ece82cc979cff6832d51a6caf51f38b5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 82908 c54a24103b503b5de1b27993ee33610f http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 160960 361e2bae65d5f1303073d8e4d88ccdb7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 209714 81fbc6671b2d4137dc52232e9d572ea9 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 258234 6dbd57dc907e93b5e9dcd3058e99b30f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 253294 696e2e9219d6e029c0c6f024045a4d5f
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 82544 4e332ccedffd13b1e7b866fe71cf8a9b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb Size/MD5 checksum: 197642 e32a924a47b90452356956e3fe39d34e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 255970 197eea5c422ecf37ec592bf9612c3b2f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 208694 33dddaec24eb4475411eb55abb5d5e71 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 150912 2aa00b2fb3b84a536030f5b5635115bc http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 209726 cf54089c8a33087820f8c9359e461625 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 2409108 1b6e40f5d2772a0a1f26424f4b470136 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 824586 ff52926d953f8b5cbde82ac31176dedb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 259924 655aca8f56383ebd106ded50d8f557ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 260610 12751082d3f1466735d1b3d395d63690 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 84310 9aa451ccb1513c05f4ccc0319124181e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 2231018 fcdbb08c45ff474592590fac0aa78dac http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 84568 6dcf4195e216a22ef2919806d55d5098 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 237224 9bf96cc5f932643b1c55c6a9fa238af1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e
These files will probably be moved into the stable distribution on its next update. Patch kit installation instructions are provided in the file SSRT090244 Apache CVE-2009-3094, CVE-2009-3095.txt . The patch kits and installation instructions are available from the following location using ftp:
Host Account Password
ftp.usa.hp.com ewt01 Welcome1
CSWS version 2.1-1 patch kits are available for both ALPHA and ITANIUM platforms.
Itanium Images mod_proxy.exe_ia64 mod_proxy_ftp.exe_ia64
Alpha Images mod_proxy.exe_axp mod_proxy_ftp.exe_axp
The patch images will be provided in the next regularly scheduled update of CSWS 2.1-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02160663 Version: 1
HPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-02 Last Updated: 2010-06-02
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.
References: CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0408 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0434 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
Note: CVE-2009-3094, CVE-2009-3095 and 2010-0740 affect only HP-UX Web Server Suite v2.30; CVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location:
URL http://software.hp.com
Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09 Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15
Web Server Suite Version / HP-UX Release / Depot name
Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot
Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot
Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot
Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot
Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot
Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot
Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server Suite before v3.09 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.09 or subsequent
HP-UX B.11.31
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.09 or subsequent
For Web Server Suite before v2.30 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent
HP-UX B.11.23
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY action: install revision B.2.0.59.15 or subsequent
HP-UX B.11.31
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 June 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwG2+IACgkQ4B86/C0qfVm3LACfZ2twc1MNibwpLscDC7giyJJv nksAnR0xfycsdI9Z5RyDC/o+Dnt4Q100 =/Gfl -----END PGP SIGNATURE----- .
BAC v8.07 supplies Apache 2.2.17. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0801", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "http server", scope: "lt", trust: 1.8, vendor: "apache", version: "2.0.64", }, { model: "http server", scope: "lt", trust: 1.8, vendor: "apache", version: "2.2.14", }, { model: "linux", scope: "eq", trust: 1.3, vendor: "debian", version: "5.0", }, { model: "linux", scope: "eq", trust: 1.3, vendor: "debian", version: "4.0", }, { model: "websphere application server", scope: "eq", trust: 1.1, vendor: "ibm", version: "7.0", }, { model: "http server", scope: "eq", trust: 1.1, vendor: "ibm", version: "7.0", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "12", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "10", }, { model: "http server", scope: "gte", trust: 1, vendor: "apache", version: "2.0.35", }, { model: "http server", scope: "gte", trust: 1, vendor: "apache", version: "2.2.0", }, { model: "http server", scope: "eq", trust: 0.8, vendor: "ibm", version: "2.0.47.x", }, { model: "http server", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.0", }, { model: "http server", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.1", }, { model: "websphere application server", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.0", }, { model: "websphere application server", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.1", }, { model: "opensolaris", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "10", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "3 (x86)", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "3 (x86-64)", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "3.0", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "3.0 (x86-64)", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "4.0", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "4.0 (x86-64)", }, { model: "turbolinux appliance server", scope: "eq", trust: 0.8, vendor: "turbo linux", version: "2.0", }, { model: "turbolinux appliance server", scope: "eq", trust: 0.8, vendor: "turbo linux", version: "3.0", }, { model: "turbolinux appliance server", scope: "eq", trust: 0.8, vendor: "turbo linux", version: "3.0 (x64)", }, { model: "turbolinux client", scope: "eq", trust: 0.8, vendor: "turbo linux", version: "2008", }, { model: "turbolinux fuji", scope: null, trust: 0.8, vendor: "turbo linux", version: null, }, { model: "turbolinux server", scope: "eq", trust: 0.8, vendor: "turbo linux", version: "10", }, { model: "turbolinux server", scope: "eq", trust: 0.8, vendor: "turbo linux", version: "10 (x64)", }, { model: "turbolinux server", scope: "eq", trust: 0.8, vendor: "turbo linux", version: "11", }, { model: "turbolinux server", scope: "eq", trust: 0.8, vendor: "turbo linux", version: "11 (x64)", }, { model: "hp-ux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "11.11", }, { model: "hp-ux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "11.23", }, { model: "hp-ux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "11.31", }, { model: "hp-ux apache-based web server", scope: "lt", trust: 0.8, vendor: "hewlett packard", version: "v.2.2.15.03", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "3 (as)", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "3 (es)", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "3 (ws)", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "4 (as)", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "4 (es)", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "4 (ws)", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "4.8 (as)", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "4.8 (es)", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "5 (server)", }, { model: "enterprise linux desktop", scope: "eq", trust: 0.8, vendor: "red hat", version: "3.0", }, { model: "enterprise linux desktop", scope: "eq", trust: 0.8, vendor: "red hat", version: "4.0", }, { model: "enterprise linux desktop", scope: "eq", trust: 0.8, vendor: "red hat", version: "5.0 (client)", }, { model: "enterprise linux eus", scope: "eq", trust: 0.8, vendor: "red hat", version: "5.4.z (server)", }, { model: "rhel desktop workstation", scope: "eq", trust: 0.8, vendor: "red hat", version: "5 (client)", }, { model: "interstage application server", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage studio", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage web server", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "http server", scope: "eq", trust: 0.6, vendor: "apache", version: "2.2.13", }, { model: "http server", scope: "eq", trust: 0.6, vendor: "apache", version: "2.0.63", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "linux lpia", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.04", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.04", }, { model: "linux lpia", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.04", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.04", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.04", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.10", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.10", }, { model: "linux lpia", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.10", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.10", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.10", }, { model: "linux lts sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "linux lts powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "linux lts lpia", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "linux lts sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "6.06", }, { model: "linux lts powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "6.06", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "6.06", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "6.06", }, { model: "server", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "10.0", }, { model: "server", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "11x64", }, { model: "server", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "11", }, { model: "server", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "10.0.0x64", }, { model: "fuji", scope: null, trust: 0.3, vendor: "turbolinux", version: null, }, { model: "fuji", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "0", }, { model: "client", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "2008", }, { model: "appliance server", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "3.0x64", }, { model: "appliance server", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "3.0", }, { model: "appliance server", scope: "eq", trust: 0.3, vendor: "turbolinux", version: "2.0", }, { model: "linux enterprise server", scope: "eq", trust: 0.3, vendor: "suse", version: "9", }, { model: "linux enterprise server debuginfo", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux enterprise server", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux enterprise server sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "linux enterprise server sp2", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "linux enterprise sdk sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "linux enterprise sdk sp2", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "linux enterprise desktop sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "linux enterprise desktop sp2", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "linux enterprise", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux enterprise sp3 debuginfo", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "linux enterprise sp2 debuginfo", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "suse", version: "10.3", }, { model: "solaris 10 x86", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "solaris 10 sparc", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 99", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 98", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 96", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 95", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 94", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 93", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 92", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 91", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 90", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 89", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 88", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 87", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 86", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 85", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 84", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 83", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 82", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 81", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 80", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 78", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 77", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 76", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 74", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 71", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 68", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 67", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 64", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 61", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 59", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 58", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 57", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 56", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 54", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 51", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 50", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 49", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 48", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 47", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 45", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 41", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 39", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 38", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 37", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 36", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 35", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 29", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 28", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 22", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 19", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 13", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 111a", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 111", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 110", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 109", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 108", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 107", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 106", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 105", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 104", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 103", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 102", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 101a", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 101", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 100", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 02", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 01", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris build snv 111b", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "opensolaris", scope: "eq", trust: 0.3, vendor: "sun", version: "0", }, { model: "linux x86 64 -current", scope: null, trust: 0.3, vendor: "slackware", version: null, }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "12.2", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "12.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "12.0", }, { model: "linux -current", scope: null, trust: 0.3, vendor: "slackware", version: null, }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "11.1", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "11.0", }, { model: "open-enterprise-server", scope: "eq", trust: 0.3, vendor: "s u s e", version: "0", }, { model: "novell linux pos", scope: "eq", trust: 0.3, vendor: "s u s e", version: "9", }, { model: "novell linux desktop", scope: "eq", trust: 0.3, vendor: "s u s e", version: "9.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "rpath", version: "2", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "rpath", version: "1", }, { model: "appliance platform linux service", scope: "eq", trust: 0.3, vendor: "rpath", version: "2", }, { model: "appliance platform linux service", scope: "eq", trust: 0.3, vendor: "rpath", version: "1", }, { model: "enterprise linux ws", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "enterprise linux ws", scope: "eq", trust: 0.3, vendor: "redhat", version: "3", }, { model: "enterprise linux es", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "enterprise linux es", scope: "eq", trust: 0.3, vendor: "redhat", version: "3", }, { model: "enterprise linux desktop workstation client", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "enterprise linux desktop version", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "desktop", scope: "eq", trust: 0.3, vendor: "redhat", version: "3.0", }, { model: "certificate server", scope: "eq", trust: 0.3, vendor: "redhat", version: "7.3", }, { model: "application stack", scope: "eq", trust: 0.3, vendor: "redhat", version: "v20", }, { model: "hat jboss enterprise web server for rhel server", scope: "eq", trust: 0.3, vendor: "red", version: "51.0", }, { model: "hat jboss enterprise web server for rhel es", scope: "eq", trust: 0.3, vendor: "red", version: "41.0", }, { model: "hat jboss enterprise web server for rhel as", scope: "eq", trust: 0.3, vendor: "red", version: "41.0", }, { model: "hat enterprise linux desktop client", scope: "eq", trust: 0.3, vendor: "red", version: "5", }, { model: "hat enterprise linux as", scope: "eq", trust: 0.3, vendor: "red", version: "4", }, { model: "hat enterprise linux as", scope: "eq", trust: 0.3, vendor: "red", version: "3", }, { model: "hat enterprise linux server", scope: "eq", trust: 0.3, vendor: "red", version: "5", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "pardus", version: "20090", }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2009.1", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2009.1", }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2009.0", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2009.0", }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2008.1", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2008.1", }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2008.0", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2008.0", }, { model: "multi network firewall", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "2.0", }, { model: "enterprise server x86 64", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "enterprise server", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "corporate server x86 64", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "4.0", }, { model: "corporate server x86 64", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "3.0", }, { model: "corporate server", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "3.0", }, { model: "corporate server", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "4.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.03", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.8", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.7", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.5", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.1", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.25", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.19", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.17", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.15", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.2.35", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.2.33", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.2.27", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.2.13", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.2", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.47.1", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.47", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.5", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.13", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.1", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.2.23", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.2.19", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.2.12", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "compaq secure web server for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "business availability center", scope: "eq", trust: 0.3, vendor: "hp", version: "8.06", }, { model: "business availability center", scope: "eq", trust: 0.3, vendor: "hp", version: "8.05", }, { model: "business availability center", scope: "eq", trust: 0.3, vendor: "hp", version: "8.01", }, { model: "business availability center", scope: "eq", trust: 0.3, vendor: "hp", version: "7.55", }, { model: "business availability center", scope: "eq", trust: 0.3, vendor: "hp", version: "6", }, { model: "business availability center", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "interstage studio standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.2", }, { model: "interstage studio standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.1", }, { model: "interstage studio standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "interstage studio standard-j edition b", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.1.0", }, { model: "interstage studio enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.2", }, { model: "interstage studio enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.1", }, { model: "interstage studio enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "interstage studio enterprise edition b", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.1.0", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.2", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.1", }, { model: "interstage application server standard-j edition b", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "interstage application server standard-j edition a", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "interstage application server standard-j edition 9.1.0b", scope: null, trust: 0.3, vendor: "fujitsu", version: null, }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.2", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.1", }, { model: "interstage application server enterprise edition a", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "interstage application server enterprise edition 9.1.0b", scope: null, trust: 0.3, vendor: "fujitsu", version: null, }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux mipsel", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux m68k", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux hppa", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux armel", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux alpha", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux mipsel", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux m68k", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux hppa", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux armel", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "linux alpha", scope: "eq", trust: 0.3, vendor: "debian", version: "4.0", }, { model: "coat systems director", scope: "eq", trust: 0.3, vendor: "blue", version: "5.2.2.5", }, { model: "coat systems director", scope: "eq", trust: 0.3, vendor: "blue", version: "4.2.2.4", }, { model: "coat systems director", scope: "eq", trust: 0.3, vendor: "blue", version: "5.5", }, { model: "coat systems director", scope: "eq", trust: 0.3, vendor: "blue", version: "5.4", }, { model: "coat systems director", scope: "eq", trust: 0.3, vendor: "blue", version: "0", }, { model: "voice portal sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "voice portal sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "voice portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "1.1", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.1.6", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.1.5", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.1.4", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.1.3", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.1", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "software foundation mod proxy ftp", scope: "eq", trust: 0.3, vendor: "apache", version: "0", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.13", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.12", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.11", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.10", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.9", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.8", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.6", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.5", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.2", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2", }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0.63", }, { model: "software foundation apache 2.2.7-dev", scope: null, trust: 0.3, vendor: "apache", version: null, }, { model: "software foundation apache 2.2.6-dev", scope: null, trust: 0.3, vendor: "apache", version: null, }, { model: "software foundation apache 2.2.5-dev", scope: null, trust: 0.3, vendor: "apache", version: null, }, { model: "software foundation apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.1", }, { model: "websphere application server", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.0.9", }, { model: "business availability center", scope: "ne", trust: 0.3, vendor: "hp", version: "8.07", }, { model: "coat systems director", scope: "ne", trust: 0.3, vendor: "blue", version: "5.5.2.3", }, { model: "software foundation apache", scope: "ne", trust: 0.3, vendor: "apache", version: "2.2.14", }, ], sources: [ { db: "BID", id: "36260", }, { db: "JVNDB", id: "JVNDB-2009-002187", }, { db: "CNNVD", id: "CNNVD-200909-107", }, { db: "NVD", id: "CVE-2009-3094", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:apache:http_server", vulnerable: true, }, { cpe22Uri: "cpe:/a:ibm:http_server", vulnerable: true, }, { cpe22Uri: "cpe:/a:ibm:websphere_application_server", vulnerable: true, }, { cpe22Uri: "cpe:/o:oracle:opensolaris", vulnerable: true, }, { cpe22Uri: "cpe:/o:oracle:solaris", vulnerable: true, }, { cpe22Uri: "cpe:/o:misc:miraclelinux_asianux_server", vulnerable: true, }, { cpe22Uri: "cpe:/o:turbolinux:turbolinux_appliance_server", vulnerable: true, }, { cpe22Uri: "cpe:/o:turbolinux:turbolinux_client", vulnerable: true, }, { cpe22Uri: "cpe:/o:turbolinux:turbolinux_fuji", vulnerable: true, }, { cpe22Uri: "cpe:/o:turbolinux:turbolinux_server", vulnerable: true, }, { cpe22Uri: "cpe:/o:hp:hp-ux", vulnerable: true, }, { cpe22Uri: "cpe:/h:hp:apache-based_web_server", vulnerable: true, }, { cpe22Uri: "cpe:/o:redhat:enterprise_linux", vulnerable: true, }, { cpe22Uri: "cpe:/o:redhat:enterprise_linux_desktop", vulnerable: true, }, { cpe22Uri: "cpe:/o:redhat:enterprise_linux_eus", vulnerable: true, }, { cpe22Uri: "cpe:/o:redhat:rhel_desktop_workstation", vulnerable: true, }, { cpe22Uri: "cpe:/a:fujitsu:interstage_application_server", vulnerable: true, }, { cpe22Uri: "cpe:/a:fujitsu:interstage_studio", vulnerable: true, }, { cpe22Uri: "cpe:/a:fujitsu:interstage_web_server", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2009-002187", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Evgeny Legerov", sources: [ { db: "BID", id: "36260", }, { db: "CNNVD", id: "CNNVD-200909-107", }, ], trust: 0.9, }, cve: "CVE-2009-3094", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", exploitabilityScore: 4.9, id: "CVE-2009-3094", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1.1, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "High", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 5.4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2009-3094", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2009-3094", trust: 1, value: "LOW", }, { author: "NVD", id: "CVE-2009-3094", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-200909-107", trust: 0.6, value: "LOW", }, { author: "VULMON", id: "CVE-2009-3094", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2009-3094", }, { db: "JVNDB", id: "JVNDB-2009-002187", }, { db: "CNNVD", id: "CNNVD-200909-107", }, { db: "NVD", id: "CVE-2009-3094", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. The Apache 'mod_proxy_ftp' module is prone to a denial-of-service vulnerability because of a NULL-pointer dereference. \nSuccessful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. ===========================================================\nUbuntu Security Notice USN-860-1 November 19, 2009\napache2 vulnerabilities\nCVE-2009-3094, CVE-2009-3095, CVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.9\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.14\n\nUbuntu 8.10:\n apache2.2-common 2.2.9-7ubuntu3.5\n\nUbuntu 9.04:\n apache2.2-common 2.2.11-2ubuntu2.5\n\nUbuntu 9.10:\n apache2.2-common 2.2.12-1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\nprotocols. If an attacker could perform a man in the middle attack at the\nstart of a TLS connection, the attacker could inject arbitrary content at\nthe beginning of the user's session. The flaw is with TLS renegotiation and\npotentially affects any software that supports this feature. Attacks\nagainst the HTTPS protocol are known, with the severity of the issue\ndepending on the safeguards used in the web application. Until the TLS\nprotocol and underlying libraries are adjusted to defend against this\nvulnerability, a partial, temporary workaround has been applied to Apache\nthat disables client initiated TLS renegotiation. This update does not\nprotect against server initiated TLS renegotiation when using\nSSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. (CVE-2009-3555)\n\nIt was discovered that mod_proxy_ftp in Apache did not properly sanitize\nits input when processing replies to EPASV and PASV commands. \n(CVE-2009-3094)\n\nAnother flaw was discovered in mod_proxy_ftp. \n(CVE-2009-3095)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz\n Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc\n Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb\n Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 834492 818915da9848657833480b1ead6b4a12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 224594 85a4480344a072868758c466f6a98747\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229128 446b52088b9744fb776e53155403a474\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 142730 d43356422176ca29440f3e0572678093\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 269070 bf585dec777b0306cd80663c11b020df\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz\n Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc\n Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 141660 958585d6391847cd5a618464054f7d37\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 206386 06402188459de8dab5279b5bfef768fa\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 233152 1165607c64c57c84212b6b106254e885\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 143838 28e9c3811feeac70b846279e82c23430\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz\n Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc\n Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 209550 496d387e315370c0cd83489db663a356\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 778564 ffd7752394933004094c13b00113b263\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 208528 6672fb116e108687669c89197732fbb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 261510 d3e1155682726cc28859156e647d97b3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 84558 68452b686e89320007e9c5367ce36345\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 926240 8282583e86e84bd256959540f39a515d\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 241280 1eea25472875056e34cd2c3283c60171\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246024 5709e7421814ecfb83fff5804d429971\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz\n Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc\n Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz\n Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 258414 8ef063026de9790bac1965427ce1b584\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 213294 09701d434bd102e4205e551b4525afd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 87818 670c62615e107920c45893b3377ab2a0\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 244914 955bb5121da808d44aa994386d90723f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 214286 a378e2e0418631cec0f398379a446172\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz\n Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc\n Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz\n Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2336 009d381342b0be5280835a46c91f01d9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2314 17719223d92d46821098ce178b5947d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 155166 4347806710edff47fc051b4a68d5b448\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 90316 add7f446f6b524343c0066a486dd299a\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2\n\n\n. Note\n that this security issue does not really apply as zlib compression\n is not enabled in the openssl build provided by Mandriva, but apache\n is patched to address this issue anyway (conserns 2008.1 only). \n \n Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the\n mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\n in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\n allows remote attackers to inject arbitrary web script or HTML via\n wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\n security issue was initially addressed with MDVSA-2008:195 but the\n patch fixing the issue was added but not applied in 2009.0. \n \n The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\n properly handle Options=IncludesNOEXEC in the AllowOverride directive,\n which allows local users to gain privileges by configuring (1) Options\n Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n .htaccess file, and then inserting an exec element in a .shtml file\n (CVE-2009-1195). \n \n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects (CVE-2009-1891). NOTE: as of 20090903,\n this disclosure has no actionable information. However, because the\n VulnDisco Pack author is a reliable researcher, the issue is being\n assigned a CVE identifier for tracking purposes (CVE-2009-3095). \n \n Apache is affected by SSL injection or man-in-the-middle attacks\n due to a design flaw in the SSL and/or TLS protocols. A short term\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\n these problems. Apache will now reject in-session renegotiation\n (CVE-2009-3555). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n This update provides a solution to these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm\n 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm\n ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm\n 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm\n b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm\n 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm\n 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm\n a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm\n 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm\n d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm\n 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm\n e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm\n 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm\n d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm\n 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm\n 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm\n 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm\n c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm\n 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm\n ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm\n 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm\n 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm\n dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm\n dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm\n 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm\n f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm\n 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm\n b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm\n 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm\n d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm\n e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu\nMUj4lK2Wsb+qzbv2V+Ih30U=\n=VdZS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1934-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nNovember 16, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : multiple issues\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555\n\n\nA design flaw has been found in the TLS and SSL protocol that allows\nan attacker to inject arbitrary content at the beginning of a TLS/SSL\nconnection. The attack is related to the way how TLS and SSL handle\nsession renegotiations. CVE-2009-3555 has been assigned to this\nvulnerability. \n\nAs a partial mitigation against this attack, this apache2 update\ndisables client-initiated renegotiations. This should fix the\nvulnerability for the majority of Apache configurations in use. \n\nNOTE: This is not a complete fix for the problem. The attack is\nstill possible in configurations where the server initiates the\nrenegotiation. This is the case for the following configurations\n(the information in the changelog of the updated packages is\nslightly inaccurate):\n\n- - The \"SSLVerifyClient\" directive is used in a Directory or Location\n context. \n- - The \"SSLCipherSuite\" directive is used in a Directory or Location\n context. \n\nAs a workaround, you may rearrange your configuration in a way that\nSSLVerifyClient and SSLCipherSuite are only used on the server or\nvirtual host level. \n\nA complete fix for the problem will require a protocol change. Further\ninformation will be included in a separate announcement about this\nissue. \n\nCVE-2009-3095: Insufficient input validation in the mod_proxy_ftp\nmodule allowed remote authenticated attackers to bypass intended access\nrestrictions and send arbitrary FTP commands to an FTP server. \n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny6. This version also includes some non-security\nbug fixes that were scheduled for inclusion in the next stable point\nrelease (Debian 5.0.4). \n\nThe oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch11. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.14-2. \n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages. \n\nUpdated apache2-mpm-itk packages for the armel architecture are not\nincluded yet. They will be released as soon as they become available. \n\n\nWe recommend that you upgrade your apache2 and apache2-mpm-itk packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch (oldstable)\n- -------------------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc\n Size/MD5 checksum: 1071 dff8f31d88ede35bb87f92743d2db202\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz\n Size/MD5 checksum: 124890 c9b197b2a4bade4e92f3c65b88eea614\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 2247064 357f2daba8360eaf00b0157326c4d258\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 6668542 043a6a14dc48aae5fa8101715f4ddf81\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 41626 27661a99c55641d534a5ffe4ea828c4b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 275872 8ff0ac120a46e235a9253df6be09e4d5\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 346016 02b337e48ef627e13d79ad3919bc380d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 407682 f01d7e23f206baed1e42c60e15fe240f\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 1017408 1c8dccbed0a309ed0b74b83667f1d587\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 449704 b227ff8c9bceaa81488fec48b81f18f6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 450266 766ba095925ee31c175716084f41b3cf\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 444898 3b1d9a9531c82872d36ce295d6cba581\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 407030 eedabbc4930b3c14012f57ec7956847b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb\n Size/MD5 checksum: 184920 2d152290678598aeacd32564c2ec37c2\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 409010 15d5dda7eb1e9e8d406cd9ff4b25e60f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 408330 0bf271280295146f4ded8c02335e8fc1\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 1000068 f92b3deafb9ce263d0d66b753231a003\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 436268 9ef6b02f0ecf9905c14114a464c86f80\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 432320 b734b0c2f1d2177a828cff7d8e34d17c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 342152 ef061f914027b41b788a31758d7c4e96\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 436766 deb97a3637ae8be3e016e37c038bc470\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb\n Size/MD5 checksum: 172802 0550f661c804ef0c0ec31e1928f5f97d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 421056 b55b215aee8398e6388a73b421229db7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 408940 8782732ef6487ef268abf2856ec5e2c0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 408140 f3627e52eaf7a011a5a624ea25fa058b\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 968448 ac1354c562e7969e47561f4cba3a859b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb\n Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb\n Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb\n Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb\n Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb\n Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb\n Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb\n Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb\n Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb\n Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874\n\n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc\n Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz\n Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb\n Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb\n Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb\n Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 84022 f603a1c369bbc7d05efe1ad99325e020\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 153048 0568fcb47c9cad398c7fd7abe2276828\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 82214 f27d31e710ba6640471c47a6fc240aad\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 246406 f18257777ba62d65ceb3aa4842415c74\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 241578 e71e710d7889e79b85e4c20b539a4d26\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 211730 a9913999aac5559db1e75835d87a2efd\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 896810 e8e2d9459750e5d9be76c00923a25696\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 245816 6a876fb502903c7bfcb5a4b8dad71a7a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 213028 f072f0ca44edc122c1b3e1da847f1c8c\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb\n Size/MD5 checksum: 183316 41a32b0fd061c4f2afbd740af5e8325a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 2385020 366e6e9bd1dec0ba6a784813785f13d3\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 82366 ab10d1ab26c914777c5296fe9ccfe027\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 241326 2ee9101bf92fcac69249094b3ca11e2a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 240776 43a654cf0439fc97997a57baec5e2995\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 84104 f73a1bff0a8a4426e63803c4e5c67c60\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 783440 053ba7ef4fbb56547200c32c35ac8a0e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 143414 c20c10a3eadac1c494a5750888875800\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 237396 06841f14531fab0adb92177af849c8be\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 211420 69c67bd0052c70322924b901ba5f5428\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 2324892 87c51cc1fb8ae2532adcfa601a7b5af4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 212726 11b86a68880fa98a130e449dec0fbbcc\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb\n Size/MD5 checksum: 179396 4ae5716372fe19991b0d8a4cc751d45f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 162732 0a9a153e3703f9dbd33e325d67373bce\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb\n Size/MD5 checksum: 247068 39445ee73d2076bfa589a5840a3d6024\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 1036624 80b366704dc888c2bea8d84c316faf33\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 208668 c2b06d3c767fa737fbf5e1c3d50d001c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 311692 77ff8879c2853c4b33903299ec3120c8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 312616 1c20b667ebbd43b0ee1b01cd1cdd991d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 83920 a383c7aef1758f963c019793af7b5f92\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 2317952 803f0b941814cbbc49f4e37bc3b9ca95\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 209700 59ab45d2c7c2168a941ff2fc842268e1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 304670 067ece69f8b9518f9b18cd948c4df971\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 85802 9294d252435e8026d6135bf8efdfaf46\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 2465158 a36366e07810785cd1f2dc3b020d3486\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 780460 a5daeb91029f3b027a810ee22456ebd3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 233408 ec9001ee4c996d0b14a9e67d9ce380ec\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 82082 1fc55f0526e3bf90c2156364055a1627\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb\n Size/MD5 checksum: 171444 789208a77578e49ebca9be904c99aff3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 83688 8612d0c31dee19c557723b08354c20d7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 149712 ac8ddf3ab4a3b0fb255adbc588e57305\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 209718 8af3815f7794f4e60d72ba52d3bd19c4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 229494 c2ef345862009f2a2b979205fec22567\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 208698 246c0001aaa98be577f6c5f004330285\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 233980 ce7b3760443a98b0ddc0607a7a9842bf\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 228110 e45b1c3294102e26eee671b860f4aabc\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 208710 1403636fff03ab43353cdffdef62ffd7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 83708 9b1c257025920f6dd0a7a2b231c97141\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 209740 546504d6f0a2a449e9bcd618f4700ce5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 82128 31209b35ecb423f2d88347df6c08eddb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 2420074 b57ff2a01ee7f29d0dcba4214dc7fc21\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 232140 3dfff4c54077cb221e19533f19538834\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 778974 d9d0084ea48aaa56d2f99c632711d084\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb\n Size/MD5 checksum: 169470 f04a239ba4f1d6ae4ff8ce0960f784fd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 232796 8ced513dc28d7165fd76076803b98188\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 150024 c2a66c2c63eeb66df98b136cceadc780\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 84570 b43f074242385089dda2aae2e9ae1595\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 915976 723f3349b829894595b913099f06ecc2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 257408 c4bab781417526a0dfdb2240ab2fef07\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 2495210 6fb817120bcb095006fd09d2318f28ee\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb\n Size/MD5 checksum: 195192 6b4d950e48c6cdfd00d403e42b719b40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 208684 ece82cc979cff6832d51a6caf51f38b5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 82908 c54a24103b503b5de1b27993ee33610f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 160960 361e2bae65d5f1303073d8e4d88ccdb7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 209714 81fbc6671b2d4137dc52232e9d572ea9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 258234 6dbd57dc907e93b5e9dcd3058e99b30f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 253294 696e2e9219d6e029c0c6f024045a4d5f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 82544 4e332ccedffd13b1e7b866fe71cf8a9b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb\n Size/MD5 checksum: 197642 e32a924a47b90452356956e3fe39d34e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 255970 197eea5c422ecf37ec592bf9612c3b2f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 208694 33dddaec24eb4475411eb55abb5d5e71\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 150912 2aa00b2fb3b84a536030f5b5635115bc\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 209726 cf54089c8a33087820f8c9359e461625\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 2409108 1b6e40f5d2772a0a1f26424f4b470136\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 824586 ff52926d953f8b5cbde82ac31176dedb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 259924 655aca8f56383ebd106ded50d8f557ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 260610 12751082d3f1466735d1b3d395d63690\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 84310 9aa451ccb1513c05f4ccc0319124181e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 2231018 fcdbb08c45ff474592590fac0aa78dac\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 84568 6dcf4195e216a22ef2919806d55d5098\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 237224 9bf96cc5f932643b1c55c6a9fa238af1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb\n Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e\n\n\n These files will probably be moved into the stable distribution on\n its next update. \nPatch kit installation instructions are provided in the file SSRT090244 Apache CVE-2009-3094, CVE-2009-3095.txt . \nThe patch kits and installation instructions are available from the following location using ftp:\n\n Host Account Password\n ftp.usa.hp.com ewt01 Welcome1\n\nCSWS version 2.1-1 patch kits are available for both ALPHA and ITANIUM platforms. \n\nItanium Images\n mod_proxy.exe_ia64\n mod_proxy_ftp.exe_ia64\n\nAlpha Images\n mod_proxy.exe_axp\n mod_proxy_ftp.exe_axp\n\nThe patch images will be provided in the next regularly scheduled update of CSWS 2.1-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02160663\nVersion: 1\n\nHPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-06-02\nLast Updated: 2010-06-02\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. \n\nReferences: CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09\nHP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4\nCVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2010-0408 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2010-0434 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nNote: CVE-2009-3094, CVE-2009-3095 and 2010-0740 affect only HP-UX Web Server Suite v2.30;\nCVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09. \n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09\nNote: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15\n\nWeb Server Suite Version / HP-UX Release / Depot name\n\nWeb Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot\n\nWeb Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot\n\nWeb Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot\n\nWeb Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot\n\nWeb Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot\n\nWeb Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot\n\nWeb Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent\nor\nInstall Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nFor Web Server Suite before v3.09\nHP-UX B.11.23\n==================\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\naction: install revision B.2.2.8.09 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.8.09 or subsequent\n\nFor Web Server Suite before v2.30\nHP-UX B.11.11\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nHP-UX B.11.23\n==================\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 2 June 2010 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber's choice for Business: sign-in. \nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing & Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkwG2+IACgkQ4B86/C0qfVm3LACfZ2twc1MNibwpLscDC7giyJJv\nnksAnR0xfycsdI9Z5RyDC/o+Dnt4Q100\n=/Gfl\n-----END PGP SIGNATURE-----\n. \n\nBAC v8.07 supplies Apache 2.2.17. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com", sources: [ { db: "NVD", id: "CVE-2009-3094", }, { db: "JVNDB", id: "JVNDB-2009-002187", }, { db: "BID", id: "36260", }, { db: "VULMON", id: "CVE-2009-3094", }, { db: "PACKETSTORM", id: "82799", }, { db: "PACKETSTORM", id: "83521", }, { db: "PACKETSTORM", id: "82647", }, { db: "PACKETSTORM", id: "81540", }, { db: "PACKETSTORM", id: "87839", }, { db: "PACKETSTORM", id: "90263", }, { db: "PACKETSTORM", id: "111587", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2009-3094", trust: 3.5, }, { db: "SECUNIA", id: "36549", trust: 2.5, }, { db: "SECUNIA", id: "37152", trust: 1.7, }, { db: "VUPEN", id: "ADV-2010-0609", trust: 1.7, }, { db: "BID", id: "36260", trust: 1.1, }, { db: "VUPEN", id: "ADV-2009-2550", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2009-002187", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-200909-107", trust: 0.6, }, { db: "VULMON", id: "CVE-2009-3094", trust: 0.1, }, { db: "PACKETSTORM", id: "82799", trust: 0.1, }, { db: "PACKETSTORM", id: "83521", trust: 0.1, }, { db: "PACKETSTORM", id: "82647", trust: 0.1, }, { db: "PACKETSTORM", id: "81540", trust: 0.1, }, { db: "PACKETSTORM", id: "87839", trust: 0.1, }, { db: "PACKETSTORM", id: "90263", trust: 0.1, }, { db: "PACKETSTORM", id: "111587", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2009-3094", }, { db: "BID", id: "36260", }, { db: "JVNDB", id: "JVNDB-2009-002187", }, { db: "PACKETSTORM", id: "82799", }, { db: "PACKETSTORM", id: "83521", }, { db: "PACKETSTORM", id: "82647", }, { db: "PACKETSTORM", id: "81540", }, { db: "PACKETSTORM", id: "87839", }, { db: "PACKETSTORM", id: "90263", }, { db: "PACKETSTORM", id: "111587", }, { db: "CNNVD", id: "CNNVD-200909-107", }, { db: "NVD", id: "CVE-2009-3094", }, ], }, id: "VAR-200909-0801", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.17203079500000001, }, last_update_date: "2024-11-28T21:47:18.881000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Fixed in Apache httpd 2.0.64", trust: 0.8, url: "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64", }, { title: "Fixed in Apache httpd 2.2.14", trust: 0.8, url: "http://httpd.apache.org/security/vulnerabilities_22.html", }, { title: "httpd-2.2.3-31.2.1AXS3", trust: 0.8, url: "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=774", }, { title: "HPUXWSATW313", trust: 0.8, url: "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313", }, { title: "HPSBUX02531", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02160663", }, { title: "PM10658", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658", }, { title: "7014463", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7009", }, { title: "7007033", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239", }, { title: "7006876", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239", }, { title: "7007951", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27007951#61029", }, { title: "PK96858", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858&loc=en_US", }, { title: "7008517", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?rs=177&uid=swg27008517#61029", }, { title: "1819", trust: 0.8, url: "http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1819", }, { title: "1820", trust: 0.8, url: "http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1820", }, { title: "RHSA-2009:1579", trust: 0.8, url: "https://rhn.redhat.com/errata/RHSA-2009-1579.html", }, { title: "RHSA-2009:1580", trust: 0.8, url: "https://rhn.redhat.com/errata/RHSA-2009-1580.html", }, { title: "multiple_vulnerabilities_in_the_apache", trust: 0.8, url: "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_the_apache", }, { title: "TLSA-2009-30", trust: 0.8, url: "http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt", }, { title: "RHSA-2009:1579", trust: 0.8, url: "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1579J.html", }, { title: "RHSA-2009:1580", trust: 0.8, url: "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1580J.html", }, { title: "interstage_as_201007", trust: 0.8, url: "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201007.html", }, { title: "Red Hat: Moderate: httpd and httpd22 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100011 - Security Advisory", }, { title: "Debian CVElist Bug Report Logs: CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a36c9e7334a243cf3d9e15331467e21c", }, { title: "Ubuntu Security Notice: apache2 vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-860-1", }, { title: "Debian Security Advisories: DSA-1934-1 apache2 -- multiple issues", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a5a134c3483f034e2df5ced5ad7428ec", }, { title: "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=508649a9a651b4fb32a5cc0f1310d652", }, { title: "", trust: 0.1, url: "https://github.com/Live-Hack-CVE/CVE-2009-3094 ", }, ], sources: [ { db: "VULMON", id: "CVE-2009-3094", }, { db: "JVNDB", id: "JVNDB-2009-002187", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-476", trust: 1, }, { problemtype: "CWE-119", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2009-002187", }, { db: "NVD", id: "CVE-2009-3094", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://secunia.com/advisories/36549", }, { trust: 2, url: "http://www.intevydis.com/blog/?p=59", }, { trust: 2, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96858", }, { trust: 2, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1pm09161", }, { trust: 1.7, url: "http://intevydis.com/vd-list.shtml", }, { trust: 1.7, url: "http://secunia.com/advisories/37152", }, { trust: 1.7, url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { trust: 1.7, url: "http://www.debian.org/security/2009/dsa-1934", }, { trust: 1.7, url: "http://wiki.rpath.com/advisories:rpsa-2009-0155", }, { trust: 1.7, url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html", }, { trust: 1.7, url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { trust: 1.7, url: "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html", }, { trust: 1.7, url: "http://www.vupen.com/english/advisories/2010/0609", }, { trust: 1.7, url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { trust: 1.7, url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { trust: 1.7, url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { trust: 1.7, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8087", }, { trust: 1.7, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10981", }, { trust: 1.7, url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { trust: 1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3094", }, { trust: 1, url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3094", }, { trust: 0.8, url: "http://www.securityfocus.com/bid/36260", }, { trust: 0.8, url: "http://www.vupen.com/english/advisories/2009/2550", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3095", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3094", }, { trust: 0.6, url: "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache", }, { trust: 0.6, url: "httpd.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs.", }, { trust: 0.3, url: "http://httpd.apache.org/", }, { trust: 0.3, url: "http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html", }, { trust: 0.3, url: "http://www.apache.org/dist/httpd/changes_2.2.14", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658", }, { trust: 0.3, url: "http://intevydis.com/company.shtml", }, { trust: 0.3, url: "http://support.avaya.com/css/p8/documents/100074555", }, { trust: 0.3, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03236227", }, { trust: 0.3, url: "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02002308", }, { trust: 0.3, url: "https://kb.bluecoat.com/index?page=content&id=sa61&actp=list", }, { trust: 0.3, url: "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201007e.html", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3555", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3095", }, { trust: 0.2, url: "http://www.mandriva.com/security/", }, { trust: 0.2, url: "http://www.mandriva.com/security/advisories", }, { trust: 0.2, url: "http://www.itrc.hp.com/service/cki/secbullarchive.do", }, { trust: 0.2, url: "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc", }, { trust: 0.2, url: "http://h30046.www3.hp.com/subsignin.php", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/476.html", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2009-3094", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2010:0011", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/860-1/", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=18978", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb", }, { trust: 0.1, url: "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb", }, { trust: 0.1, url: "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1195", }, { trust: 0.1, url: "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1890", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2008-2939", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-1890", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2008-1678", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-1195", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1891", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1191", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-1191", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-1891", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb", }, { trust: 0.1, url: "http://www.debian.org/security/faq", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://www.debian.org/security/", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb", }, { trust: 0.1, url: "http://packages.debian.org/<pkg>", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb", }, { trust: 0.1, url: "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-0740", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-0434", }, { trust: 0.1, url: "http://software.hp.com", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-0408", }, { trust: 0.1, url: "https://www.hp.com/go/swa", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-0433", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-2699", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-1452", }, { trust: 0.1, url: "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.1, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.1, url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430", }, ], sources: [ { db: "VULMON", id: "CVE-2009-3094", }, { db: "BID", id: "36260", }, { db: "JVNDB", id: "JVNDB-2009-002187", }, { db: "PACKETSTORM", id: "82799", }, { db: "PACKETSTORM", id: "83521", }, { db: "PACKETSTORM", id: "82647", }, { db: "PACKETSTORM", id: "81540", }, { db: "PACKETSTORM", id: "87839", }, { db: "PACKETSTORM", id: "90263", }, { db: "PACKETSTORM", id: "111587", }, { db: "CNNVD", id: "CNNVD-200909-107", }, { db: "NVD", id: "CVE-2009-3094", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2009-3094", }, { db: "BID", id: "36260", }, { db: "JVNDB", id: "JVNDB-2009-002187", }, { db: "PACKETSTORM", id: "82799", }, { db: "PACKETSTORM", id: "83521", }, { db: "PACKETSTORM", id: "82647", }, { db: "PACKETSTORM", id: "81540", }, { db: "PACKETSTORM", id: "87839", }, { db: "PACKETSTORM", id: "90263", }, { db: "PACKETSTORM", id: "111587", }, { db: "CNNVD", id: "CNNVD-200909-107", }, { db: "NVD", id: "CVE-2009-3094", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2009-09-08T00:00:00", db: "VULMON", id: "CVE-2009-3094", }, { date: "2009-09-03T00:00:00", db: "BID", id: "36260", }, { date: "2009-11-06T00:00:00", db: "JVNDB", id: "JVNDB-2009-002187", }, { date: "2009-11-19T18:46:00", db: "PACKETSTORM", id: "82799", }, { date: "2009-12-07T21:57:59", db: "PACKETSTORM", id: "83521", }, { date: "2009-11-16T23:36:55", db: "PACKETSTORM", id: "82647", }, { date: "2009-09-22T21:58:35", db: "PACKETSTORM", id: "81540", }, { date: "2010-03-31T15:49:00", db: "PACKETSTORM", id: "87839", }, { date: "2010-06-04T04:25:14", db: "PACKETSTORM", id: "90263", }, { date: "2012-04-05T00:55:15", db: "PACKETSTORM", id: "111587", }, { date: "2009-09-08T00:00:00", db: "CNNVD", id: "CNNVD-200909-107", }, { date: "2009-09-08T18:30:00.657000", db: "NVD", id: "CVE-2009-3094", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-19T00:00:00", db: "VULMON", id: "CVE-2009-3094", }, { date: "2015-04-13T21:44:00", db: "BID", id: "36260", }, { date: "2010-12-15T00:00:00", db: "JVNDB", id: "JVNDB-2009-002187", }, { date: "2022-09-20T00:00:00", db: "CNNVD", id: "CNNVD-200909-107", }, { date: "2024-11-21T01:06:31.453000", db: "NVD", id: "CVE-2009-3094", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "81540", }, { db: "CNNVD", id: "CNNVD-200909-107", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache HTTP Server of ap_proxy_ftp_handler Service disruption in functions (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2009-002187", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code problem", sources: [ { db: "CNNVD", id: "CNNVD-200909-107", }, ], trust: 0.6, }, }
fkie_cve-2009-3094
Vulnerability from fkie_nvd
Published
2009-09-08 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * | |
| apache | http_server | * | |
| fedoraproject | fedora | 10 | |
| fedoraproject | fedora | 12 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", matchCriteriaId: "838655CB-43E7-4BDA-A80C-2314C9870717", versionEndExcluding: "2.0.64", versionStartIncluding: "2.0.35", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", matchCriteriaId: "2979A101-9EC8-4E80-BFFC-7300F94C8453", versionEndExcluding: "2.2.14", versionStartIncluding: "2.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", matchCriteriaId: "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", matchCriteriaId: "E44669D7-6C1E-4844-B78A-73E253A7CC17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8C757774-08E7-40AA-B532-6F705C8F7639", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", }, { lang: "es", value: "La función ap_proxy_ftp_handler en modules/proxy/proxy_ftp.c en el módulo mod_proxy_ftp en Apache HTTP Server v2.0.63 y v2.2.13, permite a servidores FTP remotos provocar una denegación de servicio (referencia a puntero NULL o caída de proceso hijo) a través de una respuesta mal formada al comando EPSV.", }, ], id: "CVE-2009-3094", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-09-08T18:30:00.657", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://intevydis.com/vd-list.shtml", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/36549", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/37152", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2009/dsa-1934", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.intevydis.com/blog/?p=59", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0609", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://intevydis.com/vd-list.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/36549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/37152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2009/dsa-1934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.intevydis.com/blog/?p=59", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "List of the errata fixing this flaw in affected products can be found at:\nhttps://www.redhat.com/security/data/cve/CVE-2009-3094.html", lastModified: "2009-11-12T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-vg4c-4xc2-v43h
Vulnerability from github
Published
2022-05-02 03:41
Modified
2025-04-09 04:13
Details
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
{ affected: [], aliases: [ "CVE-2009-3094", ], database_specific: { cwe_ids: [ "CWE-476", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2009-09-08T18:30:00Z", severity: "LOW", }, details: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", id: "GHSA-vg4c-4xc2-v43h", modified: "2025-04-09T04:13:58Z", published: "2022-05-02T03:41:44Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981", }, { type: "WEB", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087", }, { type: "WEB", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", }, { type: "WEB", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { type: "WEB", url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", }, { type: "WEB", url: "http://intevydis.com/vd-list.shtml", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { type: "WEB", url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { type: "WEB", url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { type: "WEB", url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { type: "WEB", url: "http://secunia.com/advisories/36549", }, { type: "WEB", url: "http://secunia.com/advisories/37152", }, { type: "WEB", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", }, { type: "WEB", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858", }, { type: "WEB", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161", }, { type: "WEB", url: "http://www.debian.org/security/2009/dsa-1934", }, { type: "WEB", url: "http://www.intevydis.com/blog/?p=59", }, { type: "WEB", url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2010/0609", }, ], schema_version: "1.4.0", severity: [], }
gsd-2009-3094
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Aliases
Aliases
{ GSD: { alias: "CVE-2009-3094", description: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", id: "GSD-2009-3094", references: [ "https://www.suse.com/security/cve/CVE-2009-3094.html", "https://www.debian.org/security/2009/dsa-1934", "https://access.redhat.com/errata/RHSA-2010:0602", "https://access.redhat.com/errata/RHSA-2010:0011", "https://access.redhat.com/errata/RHSA-2009:1580", "https://access.redhat.com/errata/RHSA-2009:1579", "https://access.redhat.com/errata/RHSA-2009:1461", "https://linux.oracle.com/cve/CVE-2009-3094.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2009-3094", ], details: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", id: "GSD-2009-3094", modified: "2023-12-13T01:19:49.028423Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3094", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SA:2009:050", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { name: "oval:org.mitre.oval:def:10981", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981", }, { name: "ADV-2010-0609", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0609", }, { name: "HPSBUX02531", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { name: "SSRT090244", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "HPSBOV02506", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "37152", refsource: "SECUNIA", url: "http://secunia.com/advisories/37152", }, { name: "DSA-1934", refsource: "DEBIAN", url: "http://www.debian.org/security/2009/dsa-1934", }, { name: "PK96858", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858", }, { name: "20091124 rPSA-2009-0155-1 httpd mod_ssl", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { name: "http://www.intevydis.com/blog/?p=59", refsource: "MISC", url: "http://www.intevydis.com/blog/?p=59", }, { name: "SSRT100782", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "oval:org.mitre.oval:def:8087", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087", }, { name: "HPSBMU02753", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "FEDORA-2009-12604", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", }, { name: "PM09161", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161", }, { name: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", refsource: "CONFIRM", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", }, { name: "SSRT100108", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { name: "FEDORA-2009-12606", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", }, { name: "http://intevydis.com/vd-list.shtml", refsource: "MISC", url: "http://intevydis.com/vd-list.shtml", }, { name: "36549", refsource: "SECUNIA", url: "http://secunia.com/advisories/36549", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.0.64", versionStartIncluding: "2.0.35", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.2.14", versionStartIncluding: "2.2.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3094", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "http://intevydis.com/vd-list.shtml", refsource: "MISC", tags: [ "Broken Link", ], url: "http://intevydis.com/vd-list.shtml", }, { name: "http://www.intevydis.com/blog/?p=59", refsource: "MISC", tags: [ "Broken Link", ], url: "http://www.intevydis.com/blog/?p=59", }, { name: "36549", refsource: "SECUNIA", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/36549", }, { name: "37152", refsource: "SECUNIA", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/37152", }, { name: "SUSE-SA:2009:050", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", }, { name: "DSA-1934", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2009/dsa-1934", }, { name: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", refsource: "CONFIRM", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0155", }, { name: "FEDORA-2009-12606", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", refsource: "CONFIRM", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { name: "FEDORA-2009-12604", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", }, { name: "PK96858", refsource: "AIXAPAR", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858", }, { name: "ADV-2010-0609", refsource: "VUPEN", tags: [ "Permissions Required", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0609", }, { name: "PM09161", refsource: "AIXAPAR", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161", }, { name: "SSRT090244", refsource: "HP", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=126998684522511&w=2", }, { name: "SSRT100782", refsource: "HP", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133355494609819&w=2", }, { name: "HPSBUX02531", refsource: "HP", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=127557640302499&w=2", }, { name: "oval:org.mitre.oval:def:8087", refsource: "OVAL", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8087", }, { name: "oval:org.mitre.oval:def:10981", refsource: "OVAL", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10981", }, { name: "20091124 rPSA-2009-0155-1 httpd mod_ssl", refsource: "BUGTRAQ", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/508075/100/0/threaded", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Third Party Advisory", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, }, lastModifiedDate: "2022-09-19T19:49Z", publishedDate: "2009-09-08T18:30Z", }, }, }
opensuse-su-2024:10268-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
apache2-2.4.23-4.1 on GA media
Notes
Title of the patch
apache2-2.4.23-4.1 on GA media
Description of the patch
These are all security issues fixed in the apache2-2.4.23-4.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10268
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "apache2-2.4.23-4.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the apache2-2.4.23-4.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10268", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10268-1.json", }, { category: "self", summary: "SUSE CVE CVE-2009-0023 page", url: "https://www.suse.com/security/cve/CVE-2009-0023/", }, { category: "self", summary: "SUSE CVE CVE-2009-1191 page", url: "https://www.suse.com/security/cve/CVE-2009-1191/", }, { category: "self", summary: "SUSE CVE CVE-2009-1195 page", url: "https://www.suse.com/security/cve/CVE-2009-1195/", }, { category: "self", summary: "SUSE CVE CVE-2009-1890 page", url: "https://www.suse.com/security/cve/CVE-2009-1890/", }, { category: "self", summary: "SUSE CVE CVE-2009-1891 page", url: "https://www.suse.com/security/cve/CVE-2009-1891/", }, { category: "self", summary: "SUSE CVE CVE-2009-1955 page", url: "https://www.suse.com/security/cve/CVE-2009-1955/", }, { category: "self", summary: "SUSE CVE CVE-2009-1956 page", url: "https://www.suse.com/security/cve/CVE-2009-1956/", }, { category: "self", summary: "SUSE CVE CVE-2009-2412 page", url: "https://www.suse.com/security/cve/CVE-2009-2412/", }, { category: "self", summary: "SUSE CVE CVE-2009-2699 page", url: "https://www.suse.com/security/cve/CVE-2009-2699/", }, { category: "self", summary: "SUSE CVE CVE-2009-3094 page", url: "https://www.suse.com/security/cve/CVE-2009-3094/", }, { category: "self", summary: "SUSE CVE CVE-2009-3095 page", url: "https://www.suse.com/security/cve/CVE-2009-3095/", }, { category: "self", summary: "SUSE CVE CVE-2009-3555 page", url: "https://www.suse.com/security/cve/CVE-2009-3555/", }, { category: "self", summary: "SUSE CVE CVE-2009-3560 page", url: "https://www.suse.com/security/cve/CVE-2009-3560/", }, { category: "self", summary: "SUSE CVE CVE-2009-3720 page", url: "https://www.suse.com/security/cve/CVE-2009-3720/", }, { category: "self", summary: "SUSE CVE CVE-2010-0408 page", url: "https://www.suse.com/security/cve/CVE-2010-0408/", }, { category: "self", summary: "SUSE CVE CVE-2010-0425 page", url: "https://www.suse.com/security/cve/CVE-2010-0425/", }, { category: "self", summary: "SUSE CVE CVE-2010-0434 page", url: "https://www.suse.com/security/cve/CVE-2010-0434/", }, { category: "self", summary: "SUSE CVE CVE-2010-1452 page", url: "https://www.suse.com/security/cve/CVE-2010-1452/", }, { category: "self", summary: "SUSE CVE CVE-2010-1623 page", url: "https://www.suse.com/security/cve/CVE-2010-1623/", }, { category: "self", summary: "SUSE CVE CVE-2010-2068 page", url: "https://www.suse.com/security/cve/CVE-2010-2068/", }, { category: "self", summary: "SUSE CVE CVE-2011-1176 page", url: "https://www.suse.com/security/cve/CVE-2011-1176/", }, { category: "self", summary: "SUSE CVE CVE-2011-3192 page", url: "https://www.suse.com/security/cve/CVE-2011-3192/", }, { category: "self", summary: "SUSE CVE CVE-2011-3368 page", url: "https://www.suse.com/security/cve/CVE-2011-3368/", }, { category: "self", summary: "SUSE CVE CVE-2011-3607 page", url: "https://www.suse.com/security/cve/CVE-2011-3607/", }, { category: "self", summary: "SUSE CVE CVE-2011-4317 page", url: "https://www.suse.com/security/cve/CVE-2011-4317/", }, { category: "self", summary: "SUSE CVE CVE-2012-0021 page", url: "https://www.suse.com/security/cve/CVE-2012-0021/", }, { category: "self", summary: "SUSE CVE CVE-2012-0031 page", url: "https://www.suse.com/security/cve/CVE-2012-0031/", }, { category: "self", summary: "SUSE CVE CVE-2012-0053 page", url: "https://www.suse.com/security/cve/CVE-2012-0053/", }, { category: "self", summary: "SUSE CVE CVE-2012-2687 page", url: "https://www.suse.com/security/cve/CVE-2012-2687/", }, { category: "self", summary: "SUSE CVE CVE-2012-3499 page", url: "https://www.suse.com/security/cve/CVE-2012-3499/", }, { category: "self", summary: "SUSE CVE CVE-2012-3502 page", url: "https://www.suse.com/security/cve/CVE-2012-3502/", }, { category: "self", summary: "SUSE CVE CVE-2013-1896 page", url: "https://www.suse.com/security/cve/CVE-2013-1896/", }, { category: "self", summary: "SUSE CVE CVE-2013-2249 page", url: "https://www.suse.com/security/cve/CVE-2013-2249/", }, { category: "self", summary: "SUSE CVE CVE-2013-5704 page", url: "https://www.suse.com/security/cve/CVE-2013-5704/", }, { category: "self", summary: "SUSE CVE CVE-2013-6438 page", url: "https://www.suse.com/security/cve/CVE-2013-6438/", }, { category: "self", summary: "SUSE CVE CVE-2014-0098 page", url: "https://www.suse.com/security/cve/CVE-2014-0098/", }, { category: "self", summary: "SUSE CVE CVE-2014-0117 page", url: "https://www.suse.com/security/cve/CVE-2014-0117/", }, { category: "self", summary: "SUSE CVE CVE-2014-0118 page", url: "https://www.suse.com/security/cve/CVE-2014-0118/", }, { category: "self", summary: "SUSE CVE CVE-2014-0226 page", url: "https://www.suse.com/security/cve/CVE-2014-0226/", }, { category: "self", summary: "SUSE CVE CVE-2014-0231 page", url: "https://www.suse.com/security/cve/CVE-2014-0231/", }, { category: "self", summary: "SUSE CVE CVE-2014-3523 page", url: "https://www.suse.com/security/cve/CVE-2014-3523/", }, { category: "self", summary: "SUSE CVE CVE-2014-3581 page", url: "https://www.suse.com/security/cve/CVE-2014-3581/", }, { category: "self", summary: "SUSE CVE CVE-2014-3583 page", url: "https://www.suse.com/security/cve/CVE-2014-3583/", }, { category: "self", summary: "SUSE CVE CVE-2014-8109 page", url: "https://www.suse.com/security/cve/CVE-2014-8109/", }, { category: "self", summary: "SUSE CVE CVE-2015-0228 page", url: "https://www.suse.com/security/cve/CVE-2015-0228/", }, { category: "self", summary: "SUSE CVE CVE-2015-0253 page", url: "https://www.suse.com/security/cve/CVE-2015-0253/", }, { category: "self", summary: "SUSE CVE CVE-2015-4000 page", url: "https://www.suse.com/security/cve/CVE-2015-4000/", }, { category: "self", summary: "SUSE CVE CVE-2016-4979 page", url: "https://www.suse.com/security/cve/CVE-2016-4979/", }, ], title: "apache2-2.4.23-4.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10268-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "apache2-2.4.23-4.1.aarch64", product: { name: "apache2-2.4.23-4.1.aarch64", product_id: "apache2-2.4.23-4.1.aarch64", }, }, { category: "product_version", name: "apache2-devel-2.4.23-4.1.aarch64", product: { name: "apache2-devel-2.4.23-4.1.aarch64", product_id: "apache2-devel-2.4.23-4.1.aarch64", }, }, { category: "product_version", name: "apache2-doc-2.4.23-4.1.aarch64", product: { name: "apache2-doc-2.4.23-4.1.aarch64", product_id: "apache2-doc-2.4.23-4.1.aarch64", }, }, { category: "product_version", name: "apache2-event-2.4.23-4.1.aarch64", product: { name: "apache2-event-2.4.23-4.1.aarch64", product_id: "apache2-event-2.4.23-4.1.aarch64", }, }, { category: "product_version", name: "apache2-example-pages-2.4.23-4.1.aarch64", product: { name: "apache2-example-pages-2.4.23-4.1.aarch64", product_id: "apache2-example-pages-2.4.23-4.1.aarch64", }, }, { category: "product_version", name: "apache2-prefork-2.4.23-4.1.aarch64", product: { name: "apache2-prefork-2.4.23-4.1.aarch64", product_id: "apache2-prefork-2.4.23-4.1.aarch64", }, }, { category: "product_version", name: "apache2-utils-2.4.23-4.1.aarch64", product: { name: "apache2-utils-2.4.23-4.1.aarch64", product_id: "apache2-utils-2.4.23-4.1.aarch64", }, }, { category: "product_version", name: "apache2-worker-2.4.23-4.1.aarch64", product: { name: "apache2-worker-2.4.23-4.1.aarch64", product_id: "apache2-worker-2.4.23-4.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "apache2-2.4.23-4.1.ppc64le", product: { name: "apache2-2.4.23-4.1.ppc64le", product_id: "apache2-2.4.23-4.1.ppc64le", }, }, { category: "product_version", name: "apache2-devel-2.4.23-4.1.ppc64le", product: { name: "apache2-devel-2.4.23-4.1.ppc64le", product_id: "apache2-devel-2.4.23-4.1.ppc64le", }, }, { category: "product_version", name: "apache2-doc-2.4.23-4.1.ppc64le", product: { name: "apache2-doc-2.4.23-4.1.ppc64le", product_id: "apache2-doc-2.4.23-4.1.ppc64le", }, }, { category: "product_version", name: "apache2-event-2.4.23-4.1.ppc64le", product: { name: "apache2-event-2.4.23-4.1.ppc64le", product_id: "apache2-event-2.4.23-4.1.ppc64le", }, }, { category: "product_version", name: "apache2-example-pages-2.4.23-4.1.ppc64le", product: { name: "apache2-example-pages-2.4.23-4.1.ppc64le", product_id: "apache2-example-pages-2.4.23-4.1.ppc64le", }, }, { category: "product_version", name: "apache2-prefork-2.4.23-4.1.ppc64le", product: { name: "apache2-prefork-2.4.23-4.1.ppc64le", product_id: "apache2-prefork-2.4.23-4.1.ppc64le", }, }, { category: "product_version", name: "apache2-utils-2.4.23-4.1.ppc64le", product: { name: "apache2-utils-2.4.23-4.1.ppc64le", product_id: "apache2-utils-2.4.23-4.1.ppc64le", }, }, { category: "product_version", name: "apache2-worker-2.4.23-4.1.ppc64le", product: { name: "apache2-worker-2.4.23-4.1.ppc64le", product_id: "apache2-worker-2.4.23-4.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "apache2-2.4.23-4.1.s390x", product: { name: "apache2-2.4.23-4.1.s390x", product_id: "apache2-2.4.23-4.1.s390x", }, }, { category: "product_version", name: "apache2-devel-2.4.23-4.1.s390x", product: { name: "apache2-devel-2.4.23-4.1.s390x", product_id: "apache2-devel-2.4.23-4.1.s390x", }, }, { category: "product_version", name: "apache2-doc-2.4.23-4.1.s390x", product: { name: "apache2-doc-2.4.23-4.1.s390x", product_id: "apache2-doc-2.4.23-4.1.s390x", }, }, { category: "product_version", name: "apache2-event-2.4.23-4.1.s390x", product: { name: "apache2-event-2.4.23-4.1.s390x", product_id: "apache2-event-2.4.23-4.1.s390x", }, }, { category: "product_version", name: "apache2-example-pages-2.4.23-4.1.s390x", product: { name: "apache2-example-pages-2.4.23-4.1.s390x", product_id: "apache2-example-pages-2.4.23-4.1.s390x", }, }, { category: "product_version", name: "apache2-prefork-2.4.23-4.1.s390x", product: { name: "apache2-prefork-2.4.23-4.1.s390x", product_id: "apache2-prefork-2.4.23-4.1.s390x", }, }, { category: "product_version", name: "apache2-utils-2.4.23-4.1.s390x", product: { name: "apache2-utils-2.4.23-4.1.s390x", product_id: "apache2-utils-2.4.23-4.1.s390x", }, }, { category: "product_version", name: "apache2-worker-2.4.23-4.1.s390x", product: { name: "apache2-worker-2.4.23-4.1.s390x", product_id: "apache2-worker-2.4.23-4.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "apache2-2.4.23-4.1.x86_64", product: { name: "apache2-2.4.23-4.1.x86_64", product_id: "apache2-2.4.23-4.1.x86_64", }, }, { category: "product_version", name: "apache2-devel-2.4.23-4.1.x86_64", product: { name: "apache2-devel-2.4.23-4.1.x86_64", product_id: "apache2-devel-2.4.23-4.1.x86_64", }, }, { category: "product_version", name: "apache2-doc-2.4.23-4.1.x86_64", product: { name: "apache2-doc-2.4.23-4.1.x86_64", product_id: "apache2-doc-2.4.23-4.1.x86_64", }, }, { category: "product_version", name: "apache2-event-2.4.23-4.1.x86_64", product: { name: "apache2-event-2.4.23-4.1.x86_64", product_id: "apache2-event-2.4.23-4.1.x86_64", }, }, { category: "product_version", name: "apache2-example-pages-2.4.23-4.1.x86_64", product: { name: "apache2-example-pages-2.4.23-4.1.x86_64", product_id: "apache2-example-pages-2.4.23-4.1.x86_64", }, }, { category: "product_version", name: "apache2-prefork-2.4.23-4.1.x86_64", product: { name: "apache2-prefork-2.4.23-4.1.x86_64", product_id: "apache2-prefork-2.4.23-4.1.x86_64", }, }, { category: "product_version", name: "apache2-utils-2.4.23-4.1.x86_64", product: { name: "apache2-utils-2.4.23-4.1.x86_64", product_id: "apache2-utils-2.4.23-4.1.x86_64", }, }, { category: "product_version", name: "apache2-worker-2.4.23-4.1.x86_64", product: { name: "apache2-worker-2.4.23-4.1.x86_64", product_id: "apache2-worker-2.4.23-4.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "apache2-2.4.23-4.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", }, product_reference: "apache2-2.4.23-4.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-2.4.23-4.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", }, product_reference: "apache2-2.4.23-4.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-2.4.23-4.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", }, product_reference: "apache2-2.4.23-4.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-2.4.23-4.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", }, product_reference: "apache2-2.4.23-4.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-devel-2.4.23-4.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", }, product_reference: "apache2-devel-2.4.23-4.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-devel-2.4.23-4.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", }, product_reference: "apache2-devel-2.4.23-4.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-devel-2.4.23-4.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", }, product_reference: "apache2-devel-2.4.23-4.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-devel-2.4.23-4.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", }, product_reference: "apache2-devel-2.4.23-4.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-doc-2.4.23-4.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", }, product_reference: "apache2-doc-2.4.23-4.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-doc-2.4.23-4.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", }, product_reference: "apache2-doc-2.4.23-4.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-doc-2.4.23-4.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", }, product_reference: "apache2-doc-2.4.23-4.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-doc-2.4.23-4.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", }, product_reference: "apache2-doc-2.4.23-4.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-event-2.4.23-4.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", }, product_reference: "apache2-event-2.4.23-4.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-event-2.4.23-4.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", }, product_reference: "apache2-event-2.4.23-4.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-event-2.4.23-4.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", }, product_reference: "apache2-event-2.4.23-4.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-event-2.4.23-4.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", }, product_reference: "apache2-event-2.4.23-4.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-example-pages-2.4.23-4.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", }, product_reference: "apache2-example-pages-2.4.23-4.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-example-pages-2.4.23-4.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", }, product_reference: "apache2-example-pages-2.4.23-4.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-example-pages-2.4.23-4.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", }, product_reference: "apache2-example-pages-2.4.23-4.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-example-pages-2.4.23-4.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", }, product_reference: "apache2-example-pages-2.4.23-4.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-prefork-2.4.23-4.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", }, product_reference: "apache2-prefork-2.4.23-4.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-prefork-2.4.23-4.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", }, product_reference: "apache2-prefork-2.4.23-4.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-prefork-2.4.23-4.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", }, product_reference: "apache2-prefork-2.4.23-4.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-prefork-2.4.23-4.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", }, product_reference: "apache2-prefork-2.4.23-4.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-utils-2.4.23-4.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", }, product_reference: "apache2-utils-2.4.23-4.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-utils-2.4.23-4.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", }, product_reference: "apache2-utils-2.4.23-4.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-utils-2.4.23-4.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", }, product_reference: "apache2-utils-2.4.23-4.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-utils-2.4.23-4.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", }, product_reference: "apache2-utils-2.4.23-4.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-worker-2.4.23-4.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", }, product_reference: "apache2-worker-2.4.23-4.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-worker-2.4.23-4.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", }, product_reference: "apache2-worker-2.4.23-4.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-worker-2.4.23-4.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", }, product_reference: "apache2-worker-2.4.23-4.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache2-worker-2.4.23-4.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", }, product_reference: "apache2-worker-2.4.23-4.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2009-0023", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0023", }, ], notes: [ { category: "general", text: "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0023", url: "https://www.suse.com/security/cve/CVE-2009-0023", }, { category: "external", summary: "SUSE Bug 510301 for CVE-2009-0023", url: "https://bugzilla.suse.com/510301", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-0023", }, { cve: "CVE-2009-1191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-1191", }, ], notes: [ { category: "general", text: "mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-1191", url: "https://www.suse.com/security/cve/CVE-2009-1191", }, { category: "external", summary: "SUSE Bug 521943 for CVE-2009-1191", url: "https://bugzilla.suse.com/521943", }, { category: "external", summary: "SUSE Bug 539571 for CVE-2009-1191", url: "https://bugzilla.suse.com/539571", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-1191", }, { cve: "CVE-2009-1195", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-1195", }, ], notes: [ { category: "general", text: "The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-1195", url: "https://www.suse.com/security/cve/CVE-2009-1195", }, { category: "external", summary: "SUSE Bug 512583 for CVE-2009-1195", url: "https://bugzilla.suse.com/512583", }, { category: "external", summary: "SUSE Bug 513080 for CVE-2009-1195", url: "https://bugzilla.suse.com/513080", }, { category: "external", summary: "SUSE Bug 539571 for CVE-2009-1195", url: "https://bugzilla.suse.com/539571", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-1195", }, { cve: "CVE-2009-1890", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-1890", }, ], notes: [ { category: "general", text: "The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-1890", url: "https://www.suse.com/security/cve/CVE-2009-1890", }, { category: "external", summary: "SUSE Bug 519194 for CVE-2009-1890", url: "https://bugzilla.suse.com/519194", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-1890", }, { cve: "CVE-2009-1891", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-1891", }, ], notes: [ { category: "general", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-1891", url: "https://www.suse.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "SUSE Bug 521906 for CVE-2009-1891", url: "https://bugzilla.suse.com/521906", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-1891", }, { cve: "CVE-2009-1955", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-1955", }, ], notes: [ { category: "general", text: "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-1955", url: "https://www.suse.com/security/cve/CVE-2009-1955", }, { category: "external", summary: "SUSE Bug 509825 for CVE-2009-1955", url: "https://bugzilla.suse.com/509825", }, { category: "external", summary: "SUSE Bug 510301 for CVE-2009-1955", url: "https://bugzilla.suse.com/510301", }, { category: "external", summary: "SUSE Bug 529591 for CVE-2009-1955", url: "https://bugzilla.suse.com/529591", }, { category: "external", summary: "SUSE Bug 992541 for CVE-2009-1955", url: "https://bugzilla.suse.com/992541", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-1955", }, { cve: "CVE-2009-1956", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-1956", }, ], notes: [ { category: "general", text: "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-1956", url: "https://www.suse.com/security/cve/CVE-2009-1956", }, { category: "external", summary: "SUSE Bug 510301 for CVE-2009-1956", url: "https://bugzilla.suse.com/510301", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-1956", }, { cve: "CVE-2009-2412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-2412", }, ], notes: [ { category: "general", text: "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-2412", url: "https://www.suse.com/security/cve/CVE-2009-2412", }, { category: "external", summary: "SUSE Bug 528714 for CVE-2009-2412", url: "https://bugzilla.suse.com/528714", }, { category: "external", summary: "SUSE Bug 529591 for CVE-2009-2412", url: "https://bugzilla.suse.com/529591", }, { category: "external", summary: "SUSE Bug 802057 for CVE-2009-2412", url: "https://bugzilla.suse.com/802057", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2009-2412", }, { cve: "CVE-2009-2699", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-2699", }, ], notes: [ { category: "general", text: "The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-2699", url: "https://www.suse.com/security/cve/CVE-2009-2699", }, { category: "external", summary: "SUSE Bug 1078450 for CVE-2009-2699", url: "https://bugzilla.suse.com/1078450", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-2699", }, { cve: "CVE-2009-3094", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3094", }, ], notes: [ { category: "general", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3094", url: "https://www.suse.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "SUSE Bug 538322 for CVE-2009-3094", url: "https://bugzilla.suse.com/538322", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3094", }, { cve: "CVE-2009-3095", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3095", }, ], notes: [ { category: "general", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3095", url: "https://www.suse.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "SUSE Bug 538322 for CVE-2009-3095", url: "https://bugzilla.suse.com/538322", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3095", }, { cve: "CVE-2009-3555", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3555", }, ], notes: [ { category: "general", text: "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3555", url: "https://www.suse.com/security/cve/CVE-2009-3555", }, { category: "external", summary: "SUSE Bug 1077582 for CVE-2009-3555", url: "https://bugzilla.suse.com/1077582", }, { category: "external", summary: "SUSE Bug 459468 for CVE-2009-3555", url: "https://bugzilla.suse.com/459468", }, { category: "external", summary: "SUSE Bug 552497 for CVE-2009-3555", url: "https://bugzilla.suse.com/552497", }, { category: "external", summary: "SUSE Bug 553641 for CVE-2009-3555", url: "https://bugzilla.suse.com/553641", }, { category: "external", summary: "SUSE Bug 554069 for CVE-2009-3555", url: "https://bugzilla.suse.com/554069", }, { category: "external", summary: "SUSE Bug 554084 for CVE-2009-3555", url: "https://bugzilla.suse.com/554084", }, { category: "external", summary: "SUSE Bug 554085 for CVE-2009-3555", url: "https://bugzilla.suse.com/554085", }, { category: "external", summary: "SUSE Bug 555177 for CVE-2009-3555", url: "https://bugzilla.suse.com/555177", }, { category: "external", summary: "SUSE Bug 557168 for CVE-2009-3555", url: "https://bugzilla.suse.com/557168", }, { category: "external", summary: "SUSE Bug 564507 for CVE-2009-3555", url: "https://bugzilla.suse.com/564507", }, { category: "external", summary: "SUSE Bug 566041 for CVE-2009-3555", url: "https://bugzilla.suse.com/566041", }, { category: "external", summary: "SUSE Bug 584292 for CVE-2009-3555", url: "https://bugzilla.suse.com/584292", }, { category: "external", summary: "SUSE Bug 586567 for CVE-2009-3555", url: "https://bugzilla.suse.com/586567", }, { category: "external", summary: "SUSE Bug 588996 for CVE-2009-3555", url: "https://bugzilla.suse.com/588996", }, { category: "external", summary: "SUSE Bug 590826 for CVE-2009-3555", url: "https://bugzilla.suse.com/590826", }, { category: "external", summary: "SUSE Bug 592589 for CVE-2009-3555", url: "https://bugzilla.suse.com/592589", }, { category: "external", summary: "SUSE Bug 594415 for CVE-2009-3555", url: "https://bugzilla.suse.com/594415", }, { category: "external", summary: "SUSE Bug 604782 for CVE-2009-3555", url: "https://bugzilla.suse.com/604782", }, { category: "external", summary: "SUSE Bug 614753 for CVE-2009-3555", url: "https://bugzilla.suse.com/614753", }, { category: "external", summary: "SUSE Bug 622073 for CVE-2009-3555", url: "https://bugzilla.suse.com/622073", }, { category: "external", summary: "SUSE Bug 623905 for CVE-2009-3555", url: "https://bugzilla.suse.com/623905", }, { category: "external", summary: "SUSE Bug 629905 for CVE-2009-3555", url: "https://bugzilla.suse.com/629905", }, { category: "external", summary: "SUSE Bug 642531 for CVE-2009-3555", url: "https://bugzilla.suse.com/642531", }, { category: "external", summary: "SUSE Bug 646073 for CVE-2009-3555", url: "https://bugzilla.suse.com/646073", }, { category: "external", summary: "SUSE Bug 646906 for CVE-2009-3555", url: "https://bugzilla.suse.com/646906", }, { category: "external", summary: "SUSE Bug 648140 for CVE-2009-3555", url: "https://bugzilla.suse.com/648140", }, { category: "external", summary: "SUSE Bug 648950 for CVE-2009-3555", url: "https://bugzilla.suse.com/648950", }, { category: "external", summary: "SUSE Bug 659926 for CVE-2009-3555", url: "https://bugzilla.suse.com/659926", }, { category: "external", summary: "SUSE Bug 670152 for CVE-2009-3555", url: "https://bugzilla.suse.com/670152", }, { category: "external", summary: "SUSE Bug 704832 for CVE-2009-3555", url: "https://bugzilla.suse.com/704832", }, { category: "external", summary: "SUSE Bug 728876 for CVE-2009-3555", url: "https://bugzilla.suse.com/728876", }, { category: "external", summary: "SUSE Bug 729181 for CVE-2009-3555", url: "https://bugzilla.suse.com/729181", }, { category: "external", summary: "SUSE Bug 753357 for CVE-2009-3555", url: "https://bugzilla.suse.com/753357", }, { category: "external", summary: "SUSE Bug 791794 for CVE-2009-3555", url: "https://bugzilla.suse.com/791794", }, { category: "external", summary: "SUSE Bug 799454 for CVE-2009-3555", url: "https://bugzilla.suse.com/799454", }, { category: "external", summary: "SUSE Bug 815621 for CVE-2009-3555", url: "https://bugzilla.suse.com/815621", }, { category: "external", summary: "SUSE Bug 905347 for CVE-2009-3555", url: "https://bugzilla.suse.com/905347", }, { category: "external", summary: "SUSE Bug 979060 for CVE-2009-3555", url: "https://bugzilla.suse.com/979060", }, { category: "external", summary: "SUSE Bug 986238 for CVE-2009-3555", url: "https://bugzilla.suse.com/986238", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3555", }, { cve: "CVE-2009-3560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3560", }, ], notes: [ { category: "general", text: "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3560", url: "https://www.suse.com/security/cve/CVE-2009-3560", }, { category: "external", summary: "SUSE Bug 550666 for CVE-2009-3560", url: "https://bugzilla.suse.com/550666", }, { category: "external", summary: "SUSE Bug 558892 for CVE-2009-3560", url: "https://bugzilla.suse.com/558892", }, { category: "external", summary: "SUSE Bug 561561 for CVE-2009-3560", url: "https://bugzilla.suse.com/561561", }, { category: "external", summary: "SUSE Bug 581162 for CVE-2009-3560", url: "https://bugzilla.suse.com/581162", }, { category: "external", summary: "SUSE Bug 581765 for CVE-2009-3560", url: "https://bugzilla.suse.com/581765", }, { category: "external", summary: "SUSE Bug 611931 for CVE-2009-3560", url: "https://bugzilla.suse.com/611931", }, { category: "external", summary: "SUSE Bug 694595 for CVE-2009-3560", url: "https://bugzilla.suse.com/694595", }, { category: "external", summary: "SUSE Bug 725950 for CVE-2009-3560", url: "https://bugzilla.suse.com/725950", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3560", }, { cve: "CVE-2009-3720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3720", }, ], notes: [ { category: "general", text: "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3720", url: "https://www.suse.com/security/cve/CVE-2009-3720", }, { category: "external", summary: "SUSE Bug 534721 for CVE-2009-3720", url: "https://bugzilla.suse.com/534721", }, { category: "external", summary: "SUSE Bug 550664 for CVE-2009-3720", url: "https://bugzilla.suse.com/550664", }, { category: "external", summary: "SUSE Bug 550666 for CVE-2009-3720", url: "https://bugzilla.suse.com/550666", }, { category: "external", summary: "SUSE Bug 558892 for CVE-2009-3720", url: "https://bugzilla.suse.com/558892", }, { category: "external", summary: "SUSE Bug 561561 for CVE-2009-3720", url: "https://bugzilla.suse.com/561561", }, { category: "external", summary: "SUSE Bug 581162 for CVE-2009-3720", url: "https://bugzilla.suse.com/581162", }, { category: "external", summary: "SUSE Bug 581765 for CVE-2009-3720", url: "https://bugzilla.suse.com/581765", }, { category: "external", summary: "SUSE Bug 611931 for CVE-2009-3720", url: "https://bugzilla.suse.com/611931", }, { category: "external", summary: "SUSE Bug 725950 for CVE-2009-3720", url: "https://bugzilla.suse.com/725950", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3720", }, { cve: "CVE-2010-0408", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-0408", }, ], notes: [ { category: "general", text: "The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-0408", url: "https://www.suse.com/security/cve/CVE-2010-0408", }, { category: "external", summary: "SUSE Bug 586572 for CVE-2010-0408", url: "https://bugzilla.suse.com/586572", }, { category: "external", summary: "SUSE Bug 601151 for CVE-2010-0408", url: "https://bugzilla.suse.com/601151", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-0408", }, { cve: "CVE-2010-0425", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-0425", }, ], notes: [ { category: "general", text: "modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and \"orphaned callback pointers.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-0425", url: "https://www.suse.com/security/cve/CVE-2010-0425", }, { category: "external", summary: "SUSE Bug 1078450 for CVE-2010-0425", url: "https://bugzilla.suse.com/1078450", }, { category: "external", summary: "SUSE Bug 586572 for CVE-2010-0425", url: "https://bugzilla.suse.com/586572", }, { category: "external", summary: "SUSE Bug 601151 for CVE-2010-0425", url: "https://bugzilla.suse.com/601151", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2010-0425", }, { cve: "CVE-2010-0434", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-0434", }, ], notes: [ { category: "general", text: "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-0434", url: "https://www.suse.com/security/cve/CVE-2010-0434", }, { category: "external", summary: "SUSE Bug 586572 for CVE-2010-0434", url: "https://bugzilla.suse.com/586572", }, { category: "external", summary: "SUSE Bug 601151 for CVE-2010-0434", url: "https://bugzilla.suse.com/601151", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-0434", }, { cve: "CVE-2010-1452", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1452", }, ], notes: [ { category: "general", text: "The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1452", url: "https://www.suse.com/security/cve/CVE-2010-1452", }, { category: "external", summary: "SUSE Bug 627030 for CVE-2010-1452", url: "https://bugzilla.suse.com/627030", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-1452", }, { cve: "CVE-2010-1623", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-1623", }, ], notes: [ { category: "general", text: "Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-1623", url: "https://www.suse.com/security/cve/CVE-2010-1623", }, { category: "external", summary: "SUSE Bug 650435 for CVE-2010-1623", url: "https://bugzilla.suse.com/650435", }, { category: "external", summary: "SUSE Bug 693778 for CVE-2010-1623", url: "https://bugzilla.suse.com/693778", }, { category: "external", summary: "SUSE Bug 725950 for CVE-2010-1623", url: "https://bugzilla.suse.com/725950", }, { category: "external", summary: "SUSE Bug 997229 for CVE-2010-1623", url: "https://bugzilla.suse.com/997229", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-1623", }, { cve: "CVE-2010-2068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2010-2068", }, ], notes: [ { category: "general", text: "mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2010-2068", url: "https://www.suse.com/security/cve/CVE-2010-2068", }, { category: "external", summary: "SUSE Bug 627030 for CVE-2010-2068", url: "https://bugzilla.suse.com/627030", }, { category: "external", summary: "SUSE Bug 627387 for CVE-2010-2068", url: "https://bugzilla.suse.com/627387", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2010-2068", }, { cve: "CVE-2011-1176", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-1176", }, ], notes: [ { category: "general", text: "The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-1176", url: "https://www.suse.com/security/cve/CVE-2011-1176", }, { category: "external", summary: "SUSE Bug 681176 for CVE-2011-1176", url: "https://bugzilla.suse.com/681176", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-1176", }, { cve: "CVE-2011-3192", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-3192", }, ], notes: [ { category: "general", text: "The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-3192", url: "https://www.suse.com/security/cve/CVE-2011-3192", }, { category: "external", summary: "SUSE Bug 713966 for CVE-2011-3192", url: "https://bugzilla.suse.com/713966", }, { category: "external", summary: "SUSE Bug 714306 for CVE-2011-3192", url: "https://bugzilla.suse.com/714306", }, { category: "external", summary: "SUSE Bug 716634 for CVE-2011-3192", url: "https://bugzilla.suse.com/716634", }, { category: "external", summary: "SUSE Bug 718106 for CVE-2011-3192", url: "https://bugzilla.suse.com/718106", }, { category: "external", summary: "SUSE Bug 722545 for CVE-2011-3192", url: "https://bugzilla.suse.com/722545", }, { category: "external", summary: "SUSE Bug 726139 for CVE-2011-3192", url: "https://bugzilla.suse.com/726139", }, { category: "external", summary: "SUSE Bug 732051 for CVE-2011-3192", url: "https://bugzilla.suse.com/732051", }, { category: "external", summary: "SUSE Bug 983778 for CVE-2011-3192", url: "https://bugzilla.suse.com/983778", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2011-3192", }, { cve: "CVE-2011-3368", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-3368", }, ], notes: [ { category: "general", text: "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-3368", url: "https://www.suse.com/security/cve/CVE-2011-3368", }, { category: "external", summary: "SUSE Bug 722545 for CVE-2011-3368", url: "https://bugzilla.suse.com/722545", }, { category: "external", summary: "SUSE Bug 723308 for CVE-2011-3368", url: "https://bugzilla.suse.com/723308", }, { category: "external", summary: "SUSE Bug 728876 for CVE-2011-3368", url: "https://bugzilla.suse.com/728876", }, { category: "external", summary: "SUSE Bug 729181 for CVE-2011-3368", url: "https://bugzilla.suse.com/729181", }, { category: "external", summary: "SUSE Bug 754831 for CVE-2011-3368", url: "https://bugzilla.suse.com/754831", }, { category: "external", summary: "SUSE Bug 791794 for CVE-2011-3368", url: "https://bugzilla.suse.com/791794", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-3368", }, { cve: "CVE-2011-3607", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-3607", }, ], notes: [ { category: "general", text: "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-3607", url: "https://www.suse.com/security/cve/CVE-2011-3607", }, { category: "external", summary: "SUSE Bug 728876 for CVE-2011-3607", url: "https://bugzilla.suse.com/728876", }, { category: "external", summary: "SUSE Bug 729181 for CVE-2011-3607", url: "https://bugzilla.suse.com/729181", }, { category: "external", summary: "SUSE Bug 729183 for CVE-2011-3607", url: "https://bugzilla.suse.com/729183", }, { category: "external", summary: "SUSE Bug 806721 for CVE-2011-3607", url: "https://bugzilla.suse.com/806721", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-3607", }, { cve: "CVE-2011-4317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-4317", }, ], notes: [ { category: "general", text: "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-4317", url: "https://www.suse.com/security/cve/CVE-2011-4317", }, { category: "external", summary: "SUSE Bug 722545 for CVE-2011-4317", url: "https://bugzilla.suse.com/722545", }, { category: "external", summary: "SUSE Bug 728876 for CVE-2011-4317", url: "https://bugzilla.suse.com/728876", }, { category: "external", summary: "SUSE Bug 729181 for CVE-2011-4317", url: "https://bugzilla.suse.com/729181", }, { category: "external", summary: "SUSE Bug 791794 for CVE-2011-4317", url: "https://bugzilla.suse.com/791794", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-4317", }, { cve: "CVE-2012-0021", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-0021", }, ], notes: [ { category: "general", text: "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-0021", url: "https://www.suse.com/security/cve/CVE-2012-0021", }, { category: "external", summary: "SUSE Bug 1078450 for CVE-2012-0021", url: "https://bugzilla.suse.com/1078450", }, { category: "external", summary: "SUSE Bug 743744 for CVE-2012-0021", url: "https://bugzilla.suse.com/743744", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-0021", }, { cve: "CVE-2012-0031", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-0031", }, ], notes: [ { category: "general", text: "scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-0031", url: "https://www.suse.com/security/cve/CVE-2012-0031", }, { category: "external", summary: "SUSE Bug 741243 for CVE-2012-0031", url: "https://bugzilla.suse.com/741243", }, { category: "external", summary: "SUSE Bug 806721 for CVE-2012-0031", url: "https://bugzilla.suse.com/806721", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-0031", }, { cve: "CVE-2012-0053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-0053", }, ], notes: [ { category: "general", text: "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-0053", url: "https://www.suse.com/security/cve/CVE-2012-0053", }, { category: "external", summary: "SUSE Bug 743743 for CVE-2012-0053", url: "https://bugzilla.suse.com/743743", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-0053", }, { cve: "CVE-2012-2687", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-2687", }, ], notes: [ { category: "general", text: "Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-2687", url: "https://www.suse.com/security/cve/CVE-2012-2687", }, { category: "external", summary: "SUSE Bug 777260 for CVE-2012-2687", url: "https://bugzilla.suse.com/777260", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2012-2687", }, { cve: "CVE-2012-3499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-3499", }, ], notes: [ { category: "general", text: "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-3499", url: "https://www.suse.com/security/cve/CVE-2012-3499", }, { category: "external", summary: "SUSE Bug 806458 for CVE-2012-3499", url: "https://bugzilla.suse.com/806458", }, { category: "external", summary: "SUSE Bug 807511 for CVE-2012-3499", url: "https://bugzilla.suse.com/807511", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-3499", }, { cve: "CVE-2012-3502", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-3502", }, ], notes: [ { category: "general", text: "The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-3502", url: "https://www.suse.com/security/cve/CVE-2012-3502", }, { category: "external", summary: "SUSE Bug 777119 for CVE-2012-3502", url: "https://bugzilla.suse.com/777119", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-3502", }, { cve: "CVE-2013-1896", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1896", }, ], notes: [ { category: "general", text: "mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1896", url: "https://www.suse.com/security/cve/CVE-2013-1896", }, { category: "external", summary: "SUSE Bug 829056 for CVE-2013-1896", url: "https://bugzilla.suse.com/829056", }, { category: "external", summary: "SUSE Bug 829057 for CVE-2013-1896", url: "https://bugzilla.suse.com/829057", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-1896", }, { cve: "CVE-2013-2249", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2249", }, ], notes: [ { category: "general", text: "mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2249", url: "https://www.suse.com/security/cve/CVE-2013-2249", }, { category: "external", summary: "SUSE Bug 831113 for CVE-2013-2249", url: "https://bugzilla.suse.com/831113", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2013-2249", }, { cve: "CVE-2013-5704", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-5704", }, ], notes: [ { category: "general", text: "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-5704", url: "https://www.suse.com/security/cve/CVE-2013-5704", }, { category: "external", summary: "SUSE Bug 871310 for CVE-2013-5704", url: "https://bugzilla.suse.com/871310", }, { category: "external", summary: "SUSE Bug 914535 for CVE-2013-5704", url: "https://bugzilla.suse.com/914535", }, { category: "external", summary: "SUSE Bug 930944 for CVE-2013-5704", url: "https://bugzilla.suse.com/930944", }, { category: "external", summary: "SUSE Bug 938728 for CVE-2013-5704", url: "https://bugzilla.suse.com/938728", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2013-5704", }, { cve: "CVE-2013-6438", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-6438", }, ], notes: [ { category: "general", text: "The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-6438", url: "https://www.suse.com/security/cve/CVE-2013-6438", }, { category: "external", summary: "SUSE Bug 869105 for CVE-2013-6438", url: "https://bugzilla.suse.com/869105", }, { category: "external", summary: "SUSE Bug 869106 for CVE-2013-6438", url: "https://bugzilla.suse.com/869106", }, { category: "external", summary: "SUSE Bug 887765 for CVE-2013-6438", url: "https://bugzilla.suse.com/887765", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-6438", }, { cve: "CVE-2014-0098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0098", }, ], notes: [ { category: "general", text: "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0098", url: "https://www.suse.com/security/cve/CVE-2014-0098", }, { category: "external", summary: "SUSE Bug 869106 for CVE-2014-0098", url: "https://bugzilla.suse.com/869106", }, { category: "external", summary: "SUSE Bug 887765 for CVE-2014-0098", url: "https://bugzilla.suse.com/887765", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-0098", }, { cve: "CVE-2014-0117", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0117", }, ], notes: [ { category: "general", text: "The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0117", url: "https://www.suse.com/security/cve/CVE-2014-0117", }, { category: "external", summary: "SUSE Bug 887767 for CVE-2014-0117", url: "https://bugzilla.suse.com/887767", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-0117", }, { cve: "CVE-2014-0118", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0118", }, ], notes: [ { category: "general", text: "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0118", url: "https://www.suse.com/security/cve/CVE-2014-0118", }, { category: "external", summary: "SUSE Bug 1078450 for CVE-2014-0118", url: "https://bugzilla.suse.com/1078450", }, { category: "external", summary: "SUSE Bug 887769 for CVE-2014-0118", url: "https://bugzilla.suse.com/887769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-0118", }, { cve: "CVE-2014-0226", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0226", }, ], notes: [ { category: "general", text: "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0226", url: "https://www.suse.com/security/cve/CVE-2014-0226", }, { category: "external", summary: "SUSE Bug 887765 for CVE-2014-0226", url: "https://bugzilla.suse.com/887765", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-0226", }, { cve: "CVE-2014-0231", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0231", }, ], notes: [ { category: "general", text: "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0231", url: "https://www.suse.com/security/cve/CVE-2014-0231", }, { category: "external", summary: "SUSE Bug 887768 for CVE-2014-0231", url: "https://bugzilla.suse.com/887768", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-0231", }, { cve: "CVE-2014-3523", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3523", }, ], notes: [ { category: "general", text: "Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3523", url: "https://www.suse.com/security/cve/CVE-2014-3523", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3523", }, { cve: "CVE-2014-3581", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3581", }, ], notes: [ { category: "general", text: "The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3581", url: "https://www.suse.com/security/cve/CVE-2014-3581", }, { category: "external", summary: "SUSE Bug 899836 for CVE-2014-3581", url: "https://bugzilla.suse.com/899836", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3581", }, { cve: "CVE-2014-3583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-3583", }, ], notes: [ { category: "general", text: "The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-3583", url: "https://www.suse.com/security/cve/CVE-2014-3583", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-3583", }, { cve: "CVE-2014-8109", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-8109", }, ], notes: [ { category: "general", text: "mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-8109", url: "https://www.suse.com/security/cve/CVE-2014-8109", }, { category: "external", summary: "SUSE Bug 909715 for CVE-2014-8109", url: "https://bugzilla.suse.com/909715", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-8109", }, { cve: "CVE-2015-0228", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-0228", }, ], notes: [ { category: "general", text: "The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-0228", url: "https://www.suse.com/security/cve/CVE-2015-0228", }, { category: "external", summary: "SUSE Bug 918352 for CVE-2015-0228", url: "https://bugzilla.suse.com/918352", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-0228", }, { cve: "CVE-2015-0253", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-0253", }, ], notes: [ { category: "general", text: "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-0253", url: "https://www.suse.com/security/cve/CVE-2015-0253", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-0253", }, { cve: "CVE-2015-4000", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-4000", }, ], notes: [ { category: "general", text: "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-4000", url: "https://www.suse.com/security/cve/CVE-2015-4000", }, { category: "external", summary: "SUSE Bug 1074631 for CVE-2015-4000", url: "https://bugzilla.suse.com/1074631", }, { category: "external", summary: "SUSE Bug 1211968 for CVE-2015-4000", url: "https://bugzilla.suse.com/1211968", }, { category: "external", summary: "SUSE Bug 931600 for CVE-2015-4000", url: "https://bugzilla.suse.com/931600", }, { category: "external", summary: "SUSE Bug 931698 for CVE-2015-4000", url: "https://bugzilla.suse.com/931698", }, { category: "external", summary: "SUSE Bug 931723 for CVE-2015-4000", url: "https://bugzilla.suse.com/931723", }, { category: "external", summary: "SUSE Bug 931845 for CVE-2015-4000", url: "https://bugzilla.suse.com/931845", }, { category: "external", summary: "SUSE Bug 932026 for CVE-2015-4000", url: "https://bugzilla.suse.com/932026", }, { category: "external", summary: "SUSE Bug 932483 for CVE-2015-4000", url: "https://bugzilla.suse.com/932483", }, { category: "external", summary: "SUSE Bug 934789 for CVE-2015-4000", url: "https://bugzilla.suse.com/934789", }, { category: "external", summary: "SUSE Bug 935033 for CVE-2015-4000", url: "https://bugzilla.suse.com/935033", }, { category: "external", summary: "SUSE Bug 935540 for CVE-2015-4000", url: "https://bugzilla.suse.com/935540", }, { category: "external", summary: "SUSE Bug 935979 for CVE-2015-4000", url: "https://bugzilla.suse.com/935979", }, { category: "external", summary: "SUSE Bug 937202 for CVE-2015-4000", url: "https://bugzilla.suse.com/937202", }, { category: "external", summary: "SUSE Bug 937766 for CVE-2015-4000", url: "https://bugzilla.suse.com/937766", }, { category: "external", summary: "SUSE Bug 938248 for CVE-2015-4000", url: "https://bugzilla.suse.com/938248", }, { category: "external", summary: "SUSE Bug 938432 for CVE-2015-4000", url: "https://bugzilla.suse.com/938432", }, { category: "external", summary: "SUSE Bug 938895 for CVE-2015-4000", url: "https://bugzilla.suse.com/938895", }, { category: "external", summary: "SUSE Bug 938905 for CVE-2015-4000", url: "https://bugzilla.suse.com/938905", }, { category: "external", summary: "SUSE Bug 938906 for CVE-2015-4000", url: "https://bugzilla.suse.com/938906", }, { category: "external", summary: "SUSE Bug 938913 for CVE-2015-4000", url: "https://bugzilla.suse.com/938913", }, { category: "external", summary: "SUSE Bug 938945 for CVE-2015-4000", url: "https://bugzilla.suse.com/938945", }, { category: "external", summary: "SUSE Bug 943664 for CVE-2015-4000", url: "https://bugzilla.suse.com/943664", }, { category: "external", summary: "SUSE Bug 944729 for CVE-2015-4000", url: "https://bugzilla.suse.com/944729", }, { category: "external", summary: "SUSE Bug 945582 for CVE-2015-4000", url: "https://bugzilla.suse.com/945582", }, { category: "external", summary: "SUSE Bug 955589 for CVE-2015-4000", url: "https://bugzilla.suse.com/955589", }, { category: "external", summary: "SUSE Bug 980406 for CVE-2015-4000", url: "https://bugzilla.suse.com/980406", }, { category: "external", summary: "SUSE Bug 990592 for CVE-2015-4000", url: "https://bugzilla.suse.com/990592", }, { category: "external", summary: "SUSE Bug 994144 for CVE-2015-4000", url: "https://bugzilla.suse.com/994144", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-4000", }, { cve: "CVE-2016-4979", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4979", }, ], notes: [ { category: "general", text: "The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the \"SSLVerifyClient require\" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4979", url: "https://www.suse.com/security/cve/CVE-2016-4979", }, { category: "external", summary: "SUSE Bug 987365 for CVE-2016-4979", url: "https://bugzilla.suse.com/987365", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:apache2-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-devel-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-doc-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-event-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-example-pages-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-prefork-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-utils-2.4.23-4.1.x86_64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.aarch64", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.ppc64le", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.s390x", "openSUSE Tumbleweed:apache2-worker-2.4.23-4.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-4979", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.