CVE-2012-3544 (GCVE-0-2012-3544)
Vulnerability from cvelistv5
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702"
},
{
"name": "59797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59797"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html"
},
{
"name": "USN-1841-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1841-1"
},
{
"name": "64758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:10:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702"
},
{
"name": "59797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59797"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html"
},
{
"name": "USN-1841-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1841-1"
},
{
"name": "64758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702"
},
{
"name": "59797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59797"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592"
},
{
"name": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html"
},
{
"name": "USN-1841-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1841-1"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3544",
"datePublished": "2013-06-01T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:13:50.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2012-3544\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-06-01T14:21:05.750\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat v6.x anteriores a v6.0.37 y v7.x anteriores a v7.0.30 no gestionan de forma adecuada las extensiones troceadas, en la transferencia de trozos codificados, lo que permite a atacantes remotos a provocar una denegaci\u00f3n de servicio mediante datos en stream.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A354C34-A3FE-4B8A-998
5-8874A0634BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE300CC-FD4A-444E-8506-E5E269D0A0A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"F50A3EC9-516E-48A7-839B-A73F491B5B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC2FC75-97D2-4EA1-A1A0-F592A6D7C1F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4871FD1-7F8C-4677-A80B-4A0BBC71DD7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"31AB969A-9ACE-44EF-B2E5-CEC008F47C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*\",\"
matchCriteriaId\":\"06217215-72E4-4478-BACB-628A0836A645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA810F3F-ADD3-4D3F-9DFC-DBDD87B3079C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11951A10-39A2-4FF5-8C43-DF94730FB794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B79F2EA-C893-4359-80EC-24AE38D982E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6B93A3A-D487-4CA1-8257-26F8FE287B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache
:tomcat:6.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8461DF95-18DC-4BF5-A703-7F19DA88DC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2823789C-2CB6-4300-94DB-BDBE83ABA8E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A61429EE-4331-430C-9830-58DCCBCBCB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B3593F-CEDF-423C-90F8-F88EED87DC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7862B2-E1FA-4E16-92CD-8918AB461D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E03BE3-60CC-4415-B993-D0BB00F87A30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E5E8C3-21AD-4230-B945-AB7DE66307B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4945C8C1-C71B-448B-9075-07C6C92599CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED4730B0-2E09-408B-AFD4-FE00F73700FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId
\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81A31CA0-A209-4C49-AA06-C38E165E5B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7205475A-6D04-4042-B24E-1DA5A57029B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA563BF-A67A-477D-956A-167ABEF885C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756BF9B-3E24-4677-87AE-31CE776541F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F194580-EE6D-4E38-87F3-F0661262256B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:
*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05346F5A-FB52-4376-AAC7-9A5308216545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D24AA431-C436-4AA5-85DF-B9AAFF2548FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25966344-15D5-4101-9346-B06BFD2DFFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F4CBAC-27B1-4EFF-955A-A63B457D0578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD55B338-9DBE-4643-ABED-A08964D3AF7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4F710E-06EA-48F4-AC6A-6F143950F015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4936C2-0B2D-4C44-98C3-443090965F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48453405-2319-4327-9F4C-6F70B49452C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4670E65-2E11-49A4-B661-57C2F60D411F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31002A23-4788-4BC7-AE11-A3C2AA31716D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3
:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D731065-626B-4425-8E49-F708DD457824\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1378702\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1378921\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1476592\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/59797\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/64758\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1841-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"af854a3a-2127-
422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1378702\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1378921\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1476592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/59797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/64758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1841-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E\",\"source\"
:\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2013-AVI-543
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1789"
},
{
"name": "CVE-2002-2443",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-2443"
},
{
"name": "CVE-2013-4073",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4073"
},
{
"name": "CVE-2010-1322",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1322"
},
{
"name": "CVE-2013-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4921"
},
{
"name": "CVE-2013-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1989"
},
{
"name": "CVE-2011-2939",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2939"
},
{
"name": "CVE-2013-4935",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4935"
},
{
"name": "CVE-2010-4020",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4020"
},
{
"name": "CVE-2013-4920",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4920"
},
{
"name": "CVE-2013-1985",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1985"
},
{
"name": "CVE-2008-7247",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
},
{
"name": "CVE-2013-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2001"
},
{
"name": "CVE-2008-4098",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4098"
},
{
"name": "CVE-2010-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1158"
},
{
"name": "CVE-2012-5526",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
},
{
"name": "CVE-2012-0260",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0260"
},
{
"name": "CVE-2013-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2003"
},
{
"name": "CVE-2013-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1983"
},
{
"name": "CVE-2013-1987",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1987"
},
{
"name": "CVE-2013-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4083"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2012-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1798"
},
{
"name": "CVE-2013-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2004"
},
{
"name": "CVE-2013-1982",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1982"
},
{
"name": "CVE-2013-4925",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4925"
},
{
"name": "CVE-2013-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1998"
},
{
"name": "CVE-2013-1997",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1997"
},
{
"name": "CVE-2013-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3560"
},
{
"name": "CVE-2013-2064",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2064"
},
{
"name": "CVE-2013-1415",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1415"
},
{
"name": "CVE-2013-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4926"
},
{
"name": "CVE-2013-1992",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1992"
},
{
"name": "CVE-2013-1988",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1988"
},
{
"name": "CVE-2012-5581",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
},
{
"name": "CVE-2013-1993",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1993"
},
{
"name": "CVE-2013-2487",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2487"
},
{
"name": "CVE-2010-4021",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4021"
},
{
"name": "CVE-2013-4930",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4930"
},
{
"name": "CVE-2013-4928",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4928"
},
{
"name": "CVE-2013-3556",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3556"
},
{
"name": "CVE-2012-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1016"
},
{
"name": "CVE-2005-0448",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0448"
},
{
"name": "CVE-2013-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3555"
},
{
"name": "CVE-2013-4933",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4933"
},
{
"name": "CVE-2012-0259",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0259"
},
{
"name": "CVE-2013-3558",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3558"
},
{
"name": "CVE-2013-1984",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1984"
},
{
"name": "CVE-2013-3559",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3559"
},
{
"name": "CVE-2013-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4923"
},
{
"name": "CVE-2013-4929",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4929"
},
{
"name": "CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"name": "CVE-2013-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2002"
},
{
"name": "CVE-2013-1981",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1981"
},
{
"name": "CVE-2012-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
},
{
"name": "CVE-2013-3557",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3557"
},
{
"name": "CVE-2004-0452",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-0452"
},
{
"name": "CVE-2013-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1619"
},
{
"name": "CVE-2013-1999",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1999"
},
{
"name": "CVE-2013-4931",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4931"
},
{
"name": "CVE-2010-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1324"
},
{
"name": "CVE-2013-4932",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4932"
},
{
"name": "CVE-2012-4481",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4481"
},
{
"name": "CVE-2013-3562",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3562"
},
{
"name": "CVE-2010-1626",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1626"
},
{
"name": "CVE-2013-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1996"
},
{
"name": "CVE-2013-1990",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1990"
},
{
"name": "CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"name": "CVE-2005-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-0156"
},
{
"name": "CVE-2013-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1861"
},
{
"name": "CVE-2013-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1788"
},
{
"name": "CVE-2013-4927",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4927"
},
{
"name": "CVE-2013-4936",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4936"
},
{
"name": "CVE-2011-1005",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1005"
},
{
"name": "CVE-2011-0284",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0284"
},
{
"name": "CVE-2013-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
},
{
"name": "CVE-2013-4924",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4924"
},
{
"name": "CVE-2013-2066",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2066"
},
{
"name": "CVE-2010-1323",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1323"
},
{
"name": "CVE-2013-2062",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2062"
},
{
"name": "CVE-2013-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2005"
},
{
"name": "CVE-2013-2063",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2063"
},
{
"name": "CVE-2013-2486",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2486"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2013-3561",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3561"
},
{
"name": "CVE-2013-4934",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4934"
},
{
"name": "CVE-2013-1986",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1986"
},
{
"name": "CVE-2013-4922",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4922"
},
{
"name": "CVE-2013-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1790"
},
{
"name": "CVE-2013-1896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
},
{
"name": "CVE-2013-2000",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2000"
},
{
"name": "CVE-2013-1995",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1995"
},
{
"name": "CVE-2012-1610",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1610"
},
{
"name": "CVE-2013-2116",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2116"
},
{
"name": "CVE-2012-6095",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6095"
},
{
"name": "CVE-2005-4278",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4278"
},
{
"name": "CVE-2007-4460",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4460"
}
],
"initial_release_date": "2013-09-25T00:00:00",
"last_revision_date": "2013-09-25T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-543",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 24 septembre 2013",
"url": "http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html"
}
]
}
CERTFR-2014-AVI-244
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solaris 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Solaris 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Solaris 9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Solaris 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
},
{
"name": "CVE-2013-0200",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0200"
},
{
"name": "CVE-2013-4590",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
},
{
"name": "CVE-2013-6712",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6712"
},
{
"name": "CVE-2013-6420",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6420"
},
{
"name": "CVE-2013-1571",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1571"
},
{
"name": "CVE-2012-4037",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4037"
},
{
"name": "CVE-2006-4810",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4810"
},
{
"name": "CVE-2013-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
},
{
"name": "CVE-2010-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0205"
},
{
"name": "CVE-2010-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
},
{
"name": "CVE-2013-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4248"
},
{
"name": "CVE-2014-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2014-1943",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1943"
},
{
"name": "CVE-2014-2281",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2281"
},
{
"name": "CVE-2013-4496",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4496"
},
{
"name": "CVE-2013-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
},
{
"name": "CVE-2013-5211",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
},
{
"name": "CVE-2014-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
},
{
"name": "CVE-2014-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0591"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2014-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2283"
},
{
"name": "CVE-2013-6438",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
},
{
"name": "CVE-2014-2270",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2270"
},
{
"name": "CVE-2013-4238",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4238"
},
{
"name": "CVE-2014-1912",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1912"
},
{
"name": "CVE-2014-2282",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2282"
}
],
"initial_release_date": "2014-05-27T00:00:00",
"last_revision_date": "2014-05-27T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-244",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-05-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 22 mai 2014",
"url": "http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html"
}
]
}
CERTA-2014-AVI-032
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle VirtualBox et Apache Tomcat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Secure Global Desktop versions 4.6.3 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VirtualBox versions 3.2.20 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VirtualBox versions 4.3.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0419"
},
{
"name": "CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"name": "CVE-2014-0404",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0404"
},
{
"name": "CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"name": "CVE-2014-0405",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0405"
},
{
"name": "CVE-2014-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0407"
},
{
"name": "CVE-2013-5892",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5892"
},
{
"name": "CVE-2014-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0406"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
}
],
"initial_release_date": "2014-01-15T00:00:00",
"last_revision_date": "2014-01-15T00:00:00",
"links": [],
"reference": "CERTA-2014-AVI-032",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle VirtualBox et Apache Tomcat\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle VirtualBox et Apache Tomcat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2014 du 14 janvier 2014",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
CERTA-2014-AVI-025
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle Supply Chain Products Suite. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Oracle | N/A | Oracle Supply Chain Products Suite versions 12.2.3 et antérieures |
| Oracle | N/A | Oracle Supply Chain Products Suite versions 6.3.2 et antérieures |
| Oracle | N/A | Oracle Supply Chain Products Suite version 7.2.0.3 |
| Oracle | N/A | Oracle Supply Chain Products Suite versions 7.3.1 et antérieures |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Supply Chain Products Suite versions 12.2.3 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Supply Chain Products Suite versions 6.3.2 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Supply Chain Products Suite version 7.2.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Supply Chain Products Suite versions 7.3.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0399",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0399"
},
{
"name": "CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"name": "CVE-2013-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5877"
},
{
"name": "CVE-2014-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0444"
},
{
"name": "CVE-2013-5795",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5795"
},
{
"name": "CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"name": "CVE-2013-5880",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5880"
},
{
"name": "CVE-2013-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5868"
},
{
"name": "CVE-2014-0371",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0371"
},
{
"name": "CVE-2013-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5871"
},
{
"name": "CVE-2014-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0434"
},
{
"name": "CVE-2013-5897",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5897"
},
{
"name": "CVE-2014-0372",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0372"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2014-0379",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0379"
},
{
"name": "CVE-2014-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0435"
}
],
"initial_release_date": "2014-01-15T00:00:00",
"last_revision_date": "2014-01-15T00:00:00",
"links": [],
"reference": "CERTA-2014-AVI-025",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Supply Chain Products Suite\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Supply Chain Products Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2014 du 14 janvier 2014",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
CERTFR-2014-AVI-322
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle Linux and Virtualization. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Virtualization | Oracle Virtual Desktop Infrastructure (VDI), versions antérieures à 3.5.1 |
| Oracle | Virtualization | Oracle VM VirtualBox, versions antérieures à 3.2.24, 4.0.26, 4.1.34, 4.2.26, 4.3.14 |
| Oracle | Virtualization | Sun Ray Software, versions antérieures à 5.4.3 |
| Oracle | Virtualization | Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Virtual Desktop Infrastructure (VDI), versions ant\u00e9rieures \u00e0 3.5.1",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VM VirtualBox, versions ant\u00e9rieures \u00e0 3.2.24, 4.0.26, 4.1.34, 4.2.26, 4.3.14",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Sun Ray Software, versions ant\u00e9rieures \u00e0 5.4.3",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Secure Global Desktop, versions 4.63, 4.71, 5.0, 5.1",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
},
{
"name": "CVE-2014-4261",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4261"
},
{
"name": "CVE-2014-2486",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2486"
},
{
"name": "CVE-2014-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
},
{
"name": "CVE-2014-2487",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2487"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
},
{
"name": "CVE-2014-2477",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2477"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2014-2489",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2489"
},
{
"name": "CVE-2014-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4232"
},
{
"name": "CVE-2014-2488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2488"
},
{
"name": "CVE-2014-4228",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4228"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
}
],
"initial_release_date": "2014-07-16T00:00:00",
"last_revision_date": "2014-07-16T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-322",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Linux and Virtualization\u003c/span\u003e. Elles permettent\n\u00e0 un attaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Linux and Virtualization",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 juillet 2014",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
}
]
}
CERTA-2014-AVI-022
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Oracle Fusion Middleware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Oracle Fusion Middleware versions 12.1.2.0 et antérieures
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eOracle Fusion Middleware versions 12.1.2.0 et ant\u00e9rieures\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0383",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0383"
},
{
"name": "CVE-2013-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
},
{
"name": "CVE-2013-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1654"
},
{
"name": "CVE-2007-1858",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1858"
},
{
"name": "CVE-2014-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0400"
},
{
"name": "CVE-2013-5785",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5785"
},
{
"name": "CVE-2007-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0009"
},
{
"name": "CVE-2013-5901",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5901"
},
{
"name": "CVE-2013-5808",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5808"
},
{
"name": "CVE-2014-0374",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0374"
},
{
"name": "CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"name": "CVE-2013-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5879"
},
{
"name": "CVE-2013-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
},
{
"name": "CVE-2012-4605",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4605"
},
{
"name": "CVE-2013-4316",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4316"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2013-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5869"
},
{
"name": "CVE-2013-5900",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5900"
},
{
"name": "CVE-2014-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0391"
}
],
"initial_release_date": "2014-01-15T00:00:00",
"last_revision_date": "2014-01-15T00:00:00",
"links": [],
"reference": "CERTA-2014-AVI-022",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Fusion Middleware\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Fusion Middleware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2014 du 14 janvier 2014",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
CERTFR-2022-AVI-568
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113 |
| IBM | N/A | IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3 |
| IBM | N/A | IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2 |
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217 |
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209 |
| IBM | N/A | IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix |
| IBM | N/A | IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2 |
| IBM | N/A | IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2012-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"name": "CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2013-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2012-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2013-4590",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2019-17195",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2014-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"name": "CVE-2012-4431",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2013-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2015-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
},
{
"name": "CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"name": "CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"name": "CVE-2018-17196",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2013-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2012-4534",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2014-7810",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2014-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2013-4444",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2012-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2017-5647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2015-5345",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2016-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2012-2733",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2022-06-17T00:00:00",
"last_revision_date": "2022-06-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-568",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595755"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595739"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595965"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595721"
}
]
}
ghsa-qfxv-3ppc-7qg5
Vulnerability from github
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.30"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-3544"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-12T00:09:07Z",
"nvd_published_at": "2013-06-01T14:21:00Z",
"severity": "MODERATE"
},
"details": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"id": "GHSA-qfxv-3ppc-7qg5",
"modified": "2025-04-12T00:09:08Z",
"published": "2022-05-14T01:10:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1841-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions"
}
rhsa-2013:1013
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available from the Red Hat Customer Portal for Red Hat\nEnterprise Linux 5 and 6, Solaris, and Microsoft Windows.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. 
(CVE-2013-0169)\n\nNote: CVE-2013-0166 and CVE-2013-0169 were only corrected in the packages\nfor Solaris and Windows. Updates for Red Hat Enterprise Linux can be\ndownloaded from the Red Hat Network.\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Web Server 2.0.1,\nwhich corrects these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1013",
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.0.1",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.0.1"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "907589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"
},
{
"category": "external",
"summary": "908052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1013.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2025-10-09T14:18:16+00:00",
"generator": {
"date": "2025-10-09T14:18:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2013:1013",
"initial_release_date": "2013-07-03T16:18:00+00:00",
"revision_history": [
{
"date": "2013-07-03T16:18:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T16:18:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T14:18:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 2.0",
"product": {
"name": "Red Hat JBoss Web Server 2.0",
"product_id": "Red Hat JBoss Web Server 2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-0166",
"discovery_date": "2013-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "908052"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: DoS due to improper handling of OCSP response verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0166"
},
{
"category": "external",
"summary": "RHBZ#908052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166"
},
{
"category": "external",
"summary": "http://www.openssl.org/news/secadv_20130205.txt",
"url": "http://www.openssl.org/news/secadv_20130205.txt"
}
],
"release_date": "2013-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: DoS due to improper handling of OCSP response verification"
},
{
"cve": "CVE-2013-0169",
"discovery_date": "2013-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907589"
}
],
"notes": [
{
"category": "description",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: CBC padding timing attack (lucky-13)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0169"
},
{
"category": "external",
"summary": "RHBZ#907589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169"
},
{
"category": "external",
"summary": "http://www.isg.rhul.ac.uk/tls/",
"url": "http://www.isg.rhul.ac.uk/tls/"
},
{
"category": "external",
"summary": "http://www.openssl.org/news/secadv_20130205.txt",
"url": "http://www.openssl.org/news/secadv_20130205.txt"
},
{
"category": "external",
"summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
}
],
"release_date": "2013-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
},
{
"category": "workaround",
"details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1] and [2] to remove the vulnerable CBC ciphers, and use the modern or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode, TLS termination occurs in the application, so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: CBC padding timing attack (lucky-13)"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
rhsa-2013_1012
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. 
Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 6\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1012",
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1012.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2024-11-25T11:55:11+00:00",
"generator": {
"date": "2024-11-25T11:55:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:1012",
"initial_release_date": "2013-07-03T15:43:00+00:00",
"revision_history": [
{
"date": "2013-07-03T15:43:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T15:47:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T11:55:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product_id": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.37-2.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.src",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.src",
"product_id": "httpd-0:2.2.22-23.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product_id": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-5_patch_01.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product_id": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-10_patch_01.ep6.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_id": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-tomcat-eap6@1.6-6.redhat_4.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-demo@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat6@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-1.0-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6-debuginfo@1.0.15-1.redhat_1.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_id": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.27-4.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_id": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.4-1.Final.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.22-23.ep6.el6?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6-debuginfo@1.0.15-1.redhat_1.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_id": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.27-4.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.4-1.Final.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.22-23.ep6.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch"
},
"product_reference": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src"
},
"product_reference": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386"
},
"product_reference": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64"
},
"product_reference": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src"
},
"product_reference": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src"
},
"product_reference": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in Tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of Tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects Tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
RHSA-2013:1011
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1011",
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1011.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2025-10-09T14:18:14+00:00",
"generator": {
"date": "2025-10-09T14:18:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2013:1011",
"initial_release_date": "2013-07-03T15:38:00+00:00",
"revision_history": [
{
"date": "2013-07-03T15:38:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T15:47:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T14:18:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product_id": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.37-2.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.src",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.src",
"product_id": "httpd-0:2.2.22-23.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product_id": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-8_patch_01.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product_id": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-9_patch_01.ep6.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat6@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-demo@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_id": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-tomcat-eap6@1.6-6.redhat_4.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-1.0-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch"
},
"product_reference": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src"
},
"product_reference": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src"
},
"product_reference": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src"
},
"product_reference": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
RHSA-2013:1013
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available from the Red Hat Customer Portal for Red Hat\nEnterprise Linux 5 and 6, Solaris, and Microsoft Windows.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nNote: CVE-2013-0166 and CVE-2013-0169 were only corrected in the packages\nfor Solaris and Windows. Updates for Red Hat Enterprise Linux can be\ndownloaded from the Red Hat Network.\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Web Server 2.0.1,\nwhich corrects these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1013",
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.0.1",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.0.1"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "907589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"
},
{
"category": "external",
"summary": "908052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1013.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2025-10-09T14:18:16+00:00",
"generator": {
"date": "2025-10-09T14:18:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2013:1013",
"initial_release_date": "2013-07-03T16:18:00+00:00",
"revision_history": [
{
"date": "2013-07-03T16:18:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T16:18:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T14:18:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 2.0",
"product": {
"name": "Red Hat JBoss Web Server 2.0",
"product_id": "Red Hat JBoss Web Server 2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-0166",
"discovery_date": "2013-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "908052"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: DoS due to improper handling of OCSP response verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0166"
},
{
"category": "external",
"summary": "RHBZ#908052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166"
},
{
"category": "external",
"summary": "http://www.openssl.org/news/secadv_20130205.txt",
"url": "http://www.openssl.org/news/secadv_20130205.txt"
}
],
"release_date": "2013-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: DoS due to improper handling of OCSP response verification"
},
{
"cve": "CVE-2013-0169",
"discovery_date": "2013-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907589"
}
],
"notes": [
{
"category": "description",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: CBC padding timing attack (lucky-13)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0169"
},
{
"category": "external",
"summary": "RHBZ#907589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169"
},
{
"category": "external",
"summary": "http://www.isg.rhul.ac.uk/tls/",
"url": "http://www.isg.rhul.ac.uk/tls/"
},
{
"category": "external",
"summary": "http://www.openssl.org/news/secadv_20130205.txt",
"url": "http://www.openssl.org/news/secadv_20130205.txt"
},
{
"category": "external",
"summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
}
],
"release_date": "2013-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
},
{
"category": "workaround",
"details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when using the \u0027edge\u0027 or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1] and [2] to remove the vulnerable CBC ciphers, and use the modern or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode, TLS termination occurs in the application, so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: CBC padding timing attack (lucky-13)"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
rhsa-2013:1012
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 6\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1012",
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1012.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2025-10-09T14:18:16+00:00",
"generator": {
"date": "2025-10-09T14:18:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2013:1012",
"initial_release_date": "2013-07-03T15:43:00+00:00",
"revision_history": [
{
"date": "2013-07-03T15:43:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T15:47:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T14:18:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product_id": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.37-2.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.src",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.src",
"product_id": "httpd-0:2.2.22-23.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product_id": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-5_patch_01.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product_id": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-10_patch_01.ep6.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_id": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-tomcat-eap6@1.6-6.redhat_4.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-demo@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat6@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-1.0-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6-debuginfo@1.0.15-1.redhat_1.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_id": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.27-4.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_id": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.4-1.Final.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.22-23.ep6.el6?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6-debuginfo@1.0.15-1.redhat_1.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_id": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.27-4.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.4-1.Final.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.22-23.ep6.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch"
},
"product_reference": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src"
},
"product_reference": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386"
},
"product_reference": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64"
},
"product_reference": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src"
},
"product_reference": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src"
},
"product_reference": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
rhsa-2013:1011
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1011",
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1011.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2025-10-09T14:18:14+00:00",
"generator": {
"date": "2025-10-09T14:18:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2013:1011",
"initial_release_date": "2013-07-03T15:38:00+00:00",
"revision_history": [
{
"date": "2013-07-03T15:38:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T15:47:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T14:18:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product_id": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.37-2.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.src",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.src",
"product_id": "httpd-0:2.2.22-23.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product_id": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-8_patch_01.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product_id": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-9_patch_01.ep6.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat6@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-demo@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_id": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-tomcat-eap6@1.6-6.redhat_4.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-1.0-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch"
},
"product_reference": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src"
},
"product_reference": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src"
},
"product_reference": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src"
},
"product_reference": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
RHSA-2013:1012
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 6\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1012",
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1012.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2025-10-09T14:18:16+00:00",
"generator": {
"date": "2025-10-09T14:18:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2013:1012",
"initial_release_date": "2013-07-03T15:43:00+00:00",
"revision_history": [
{
"date": "2013-07-03T15:43:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T15:47:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T14:18:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product_id": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.37-2.redhat_1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.src",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.src",
"product_id": "httpd-0:2.2.22-23.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product_id": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-5_patch_01.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product_id": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-10_patch_01.ep6.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_id": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-tomcat-eap6@1.6-6.redhat_4.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-demo@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat6@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-1.0-api@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.40-5_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product": {
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_id": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.37-10_patch_01.ep6.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6-debuginfo@1.0.15-1.redhat_1.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_id": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.27-4.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_id": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.4-1.Final.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product_id": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.22-23.ep6.el6?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6-debuginfo@1.0.15-1.redhat_1.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_id": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.27-4.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.4-1.Final.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product_id": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.22-23.ep6.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch"
},
"product_reference": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src"
},
"product_reference": "mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386"
},
"product_reference": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64"
},
"product_reference": "tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src"
},
"product_reference": "tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src"
},
"product_reference": "tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1012"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.src",
"6Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch",
"6Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el6.src",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.4-1.Final.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-debuginfo-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.src",
"6Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.i386",
"6Server-JBEWS-2:tomcat-native-debuginfo-0:1.1.27-4.redhat_1.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-10_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-10_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.40-5_patch_01.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-5_patch_01.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.40-5_patch_01.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
rhsa-2013_1011
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1011",
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1011.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2024-11-25T11:55:04+00:00",
"generator": {
"date": "2024-11-25T11:55:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:1011",
"initial_release_date": "2013-07-03T15:38:00+00:00",
"revision_history": [
{
"date": "2013-07-03T15:38:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T15:47:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T11:55:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_id": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap22@1.2.37-2.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_id": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.37-2.redhat_1.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.22-23.ep6.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product_id": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.22-23.ep6.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product_id": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.22-23.ep6.el5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product_id": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-jsvc-eap6@1.0.15-1.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product_id": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.4-1.Final.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product_id": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.1.27-4.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product_id": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.37-2.redhat_1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd-0:2.2.22-23.ep6.el5.src",
"product": {
"name": "httpd-0:2.2.22-23.ep6.el5.src",
"product_id": "httpd-0:2.2.22-23.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.22-23.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product_id": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-8_patch_01.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product_id": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-9_patch_01.ep6.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product_id": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dom4j@1.6.1-19.redhat_5.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product_id": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ecj3@3.7.2-6.redhat_1.ep6.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat6@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_id": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-demo@1.2.4-1.Final_redhat_1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_id": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-tomcat-eap6@1.6-6.redhat_4.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_id": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-pool-eap6@1.6-6.redhat_4.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product_id": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-daemon-eap6@1.0.15-4.redhat_1.ep6.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_id": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.37-8_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-1.0-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_id": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.40-9_patch_01.ep6.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src"
},
"product_reference": "apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64"
},
"product_reference": "apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src"
},
"product_reference": "apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch"
},
"product_reference": "apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src"
},
"product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src"
},
"product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src"
},
"product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src"
},
"product_reference": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64"
},
"product_reference": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64"
},
"product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src"
},
"product_reference": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src"
},
"product_reference": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T15:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1011"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src",
"5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch",
"5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src",
"5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch",
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386",
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src",
"5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
rhsa-2013_1013
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available from the Red Hat Customer Portal for Red Hat\nEnterprise Linux 5 and 6, Solaris, and Microsoft Windows.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user\u0027s manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nNote: CVE-2013-0166 and CVE-2013-0169 were only corrected in the packages\nfor Solaris and Windows. Updates for Red Hat Enterprise Linux can be\ndownloaded from the Red Hat Network.\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Web Server 2.0.1,\nwhich corrects these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:1013",
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/",
"url": "https://access.redhat.com/site/documentation/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.0.1",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.0.1"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html"
},
{
"category": "external",
"summary": "907589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"
},
{
"category": "external",
"summary": "908052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
},
{
"category": "external",
"summary": "915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1013.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update",
"tracking": {
"current_release_date": "2024-11-25T11:55:15+00:00",
"generator": {
"date": "2024-11-25T11:55:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:1013",
"initial_release_date": "2013-07-03T16:18:00+00:00",
"revision_history": [
{
"date": "2013-07-03T16:18:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-07-03T16:18:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T11:55:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 2.0",
"product": {
"name": "Red Hat JBoss Web Server 2.0",
"product_id": "Red Hat JBoss Web Server 2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3499",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915883"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: multiple XSS flaws due to unescaped hostnames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3499"
},
{
"category": "external",
"summary": "RHBZ#915883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: multiple XSS flaws due to unescaped hostnames"
},
{
"cve": "CVE-2012-3544",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961783"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "RHBZ#961783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2012-4558",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915884"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: XSS flaw in mod_proxy_balancer manager interface",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4558"
},
{
"category": "external",
"summary": "RHBZ#915884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558"
}
],
"release_date": "2013-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: XSS flaw in mod_proxy_balancer manager interface"
},
{
"cve": "CVE-2013-0166",
"discovery_date": "2013-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "908052"
}
],
"notes": [
{
"category": "description",
"text": "OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: DoS due to improper handling of OCSP response verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0166"
},
{
"category": "external",
"summary": "RHBZ#908052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908052"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0166"
},
{
"category": "external",
"summary": "http://www.openssl.org/news/secadv_20130205.txt",
"url": "http://www.openssl.org/news/secadv_20130205.txt"
}
],
"release_date": "2013-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: DoS due to improper handling of OCSP response verification"
},
{
"cve": "CVE-2013-0169",
"discovery_date": "2013-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "907589"
}
],
"notes": [
{
"category": "description",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: CBC padding timing attack (lucky-13)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0169"
},
{
"category": "external",
"summary": "RHBZ#907589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0169"
},
{
"category": "external",
"summary": "http://www.isg.rhul.ac.uk/tls/",
"url": "http://www.isg.rhul.ac.uk/tls/"
},
{
"category": "external",
"summary": "http://www.openssl.org/news/secadv_20130205.txt",
"url": "http://www.openssl.org/news/secadv_20130205.txt"
},
{
"category": "external",
"summary": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
}
],
"release_date": "2013-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
},
{
"category": "workaround",
"details": "On OpenShift Container Platform 3.11 it\u0027s possible to edit the list of cipher suites offered by the router when performing \u0027edge\u0027, or \u0027re-encrypt\u0027 TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In \u0027passthrough\u0027 mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: CBC padding timing attack (lucky-13)"
},
{
"cve": "CVE-2013-2067",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961779"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation in form authenticator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2067"
},
{
"category": "external",
"summary": "RHBZ#961779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Session fixation in form authenticator"
},
{
"cve": "CVE-2013-2071",
"discovery_date": "2013-05-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "961803"
}
],
"notes": [
{
"category": "description",
"text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects tomcat 7. Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2071"
},
{
"category": "external",
"summary": "RHBZ#961803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2071"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071"
}
],
"release_date": "2013-05-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-07-03T16:18:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:1013"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions"
}
]
}
fkie_cve-2012-3544
Vulnerability from fkie_nvd
| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2014/Dec/23 | ||
| secalert@redhat.com | http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592&r2=1476591&pathrev=1476592 | Patch | |
| secalert@redhat.com | http://svn.apache.org/viewvc?view=revision&revision=1378702 | Patch | |
| secalert@redhat.com | http://svn.apache.org/viewvc?view=revision&revision=1378921 | Patch | |
| secalert@redhat.com | http://svn.apache.org/viewvc?view=revision&revision=1476592 | Patch | |
| secalert@redhat.com | http://tomcat.apache.org/security-6.html | Vendor Advisory | |
| secalert@redhat.com | http://tomcat.apache.org/security-7.html | Vendor Advisory | |
| secalert@redhat.com | http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | ||
| secalert@redhat.com | http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/534161/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/59797 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/64758 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-1841-1 | ||
| secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2014-0012.html | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Dec/23 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592&r2=1476591&pathrev=1476592 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://svn.apache.org/viewvc?view=revision&revision=1378702 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://svn.apache.org/viewvc?view=revision&revision=1378921 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://svn.apache.org/viewvc?view=revision&revision=1476592 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tomcat.apache.org/security-6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tomcat.apache.org/security-7.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/534161/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/59797 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/64758 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1841-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2014-0012.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E |
| Vendor | Product | Version | |
|---|---|---|---|
| apache | tomcat | 6.0 | |
| apache | tomcat | 6.0.0 | |
| apache | tomcat | 6.0.0 | |
| apache | tomcat | 6.0.1 | |
| apache | tomcat | 6.0.1 | |
| apache | tomcat | 6.0.2 | |
| apache | tomcat | 6.0.2 | |
| apache | tomcat | 6.0.2 | |
| apache | tomcat | 6.0.3 | |
| apache | tomcat | 6.0.4 | |
| apache | tomcat | 6.0.4 | |
| apache | tomcat | 6.0.5 | |
| apache | tomcat | 6.0.6 | |
| apache | tomcat | 6.0.6 | |
| apache | tomcat | 6.0.7 | |
| apache | tomcat | 6.0.7 | |
| apache | tomcat | 6.0.7 | |
| apache | tomcat | 6.0.8 | |
| apache | tomcat | 6.0.8 | |
| apache | tomcat | 6.0.9 | |
| apache | tomcat | 6.0.9 | |
| apache | tomcat | 6.0.10 | |
| apache | tomcat | 6.0.11 | |
| apache | tomcat | 6.0.12 | |
| apache | tomcat | 6.0.13 | |
| apache | tomcat | 6.0.14 | |
| apache | tomcat | 6.0.15 | |
| apache | tomcat | 6.0.16 | |
| apache | tomcat | 6.0.17 | |
| apache | tomcat | 6.0.18 | |
| apache | tomcat | 6.0.19 | |
| apache | tomcat | 6.0.20 | |
| apache | tomcat | 6.0.24 | |
| apache | tomcat | 6.0.26 | |
| apache | tomcat | 6.0.27 | |
| apache | tomcat | 6.0.28 | |
| apache | tomcat | 6.0.29 | |
| apache | tomcat | 6.0.30 | |
| apache | tomcat | 6.0.31 | |
| apache | tomcat | 6.0.32 | |
| apache | tomcat | 6.0.33 | |
| apache | tomcat | 6.0.35 | |
| apache | tomcat | 6.0.36 | |
| apache | tomcat | 7.0.0 | |
| apache | tomcat | 7.0.0 | |
| apache | tomcat | 7.0.1 | |
| apache | tomcat | 7.0.2 | |
| apache | tomcat | 7.0.2 | |
| apache | tomcat | 7.0.3 | |
| apache | tomcat | 7.0.4 | |
| apache | tomcat | 7.0.4 | |
| apache | tomcat | 7.0.5 | |
| apache | tomcat | 7.0.6 | |
| apache | tomcat | 7.0.7 | |
| apache | tomcat | 7.0.8 | |
| apache | tomcat | 7.0.9 | |
| apache | tomcat | 7.0.10 | |
| apache | tomcat | 7.0.11 | |
| apache | tomcat | 7.0.12 | |
| apache | tomcat | 7.0.13 | |
| apache | tomcat | 7.0.14 | |
| apache | tomcat | 7.0.15 | |
| apache | tomcat | 7.0.16 | |
| apache | tomcat | 7.0.17 | |
| apache | tomcat | 7.0.18 | |
| apache | tomcat | 7.0.19 | |
| apache | tomcat | 7.0.20 | |
| apache | tomcat | 7.0.21 | |
| apache | tomcat | 7.0.22 | |
| apache | tomcat | 7.0.23 | |
| apache | tomcat | 7.0.25 | |
| apache | tomcat | 7.0.28 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "0A354C34-A3FE-4B8A-9985-8874A0634BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "CFE300CC-FD4A-444E-8506-E5E269D0A0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "F50A3EC9-516E-48A7-839B-A73F491B5B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*",
"matchCriteriaId": "FAC2FC75-97D2-4EA1-A1A0-F592A6D7C1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*",
"matchCriteriaId": "C4871FD1-7F8C-4677-A80B-4A0BBC71DD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*",
"matchCriteriaId": "31AB969A-9ACE-44EF-B2E5-CEC008F47C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "06217215-72E4-4478-BACB-628A0836A645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*",
"matchCriteriaId": "EA810F3F-ADD3-4D3F-9DFC-DBDD87B3079C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*",
"matchCriteriaId": "8B79F2EA-C893-4359-80EC-24AE38D982E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "8461DF95-18DC-4BF5-A703-7F19DA88DC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2823789C-2CB6-4300-94DB-BDBE83ABA8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A61429EE-4331-430C-9830-58DCCBCBCB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "31B3593F-CEDF-423C-90F8-F88EED87DC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7862B2-E1FA-4E16-92CD-8918AB461D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E03BE3-60CC-4415-B993-D0BB00F87A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "48E5E8C3-21AD-4230-B945-AB7DE66307B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "4945C8C1-C71B-448B-9075-07C6C92599CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4730B0-2E09-408B-AFD4-FE00F73700FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "33E9607B-4D28-460D-896B-E4B7FA22441E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "81A31CA0-A209-4C49-AA06-C38E165E5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "0AA563BF-A67A-477D-956A-167ABEF885C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8980E61E-27BE-4858-82B3-C0E8128AF521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8756BF9B-3E24-4677-87AE-31CE776541F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88CE057E-2092-4C98-8D0C-75CF439D0A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8F194580-EE6D-4E38-87F3-F0661262256B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "05346F5A-FB52-4376-AAC7-9A5308216545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "305688F2-50A6-41FB-8614-BC589DB9A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D24AA431-C436-4AA5-85DF-B9AAFF2548FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25966344-15D5-4101-9346-B06BFD2DFFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "11F4CBAC-27B1-4EFF-955A-A63B457D0578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FD55B338-9DBE-4643-ABED-A08964D3AF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4F710E-06EA-48F4-AC6A-6F143950F015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4936C2-0B2D-4C44-98C3-443090965F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "48453405-2319-4327-9F4C-6F70B49452C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD9544-6424-41A6-AEC0-EC19B8A10E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E4670E65-2E11-49A4-B661-57C2F60D411F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "31002A23-4788-4BC7-AE11-A3C2AA31716D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7D731065-626B-4425-8E49-F708DD457824",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data."
},
{
"lang": "es",
"value": "Apache Tomcat v6.x anteriores a v6.0.37 y v7.x anteriores a v7.0.30 no gestionan de forma adecuada las extensiones de fragmento (chunk extensions) en la codificaci\u00f3n de transferencia fragmentada (chunked transfer coding), lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio mediante el env\u00edo de datos en streaming.\r\n"
}
],
"id": "CVE-2012-3544",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-01T14:21:05.750",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/59797"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1841-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1841-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-su-2015:1337-1
Vulnerability from csaf_suse
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat6",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update of tomcat6 fixes:\n\n * apache-tomcat-CVE-2012-3544.patch (bnc#831119)\n * use chown --no-dereference to prevent symlink attacks on log\n (bnc#822177#c7/prevents CVE-2013-1976)\n * Fix tomcat init scripts generating malformed classpath (\n http://youtrack.jetbrains.com/issue/JT-18545\n \u003chttp://youtrack.jetbrains.com/issue/JT-18545\u003e ) bnc#804992 (patch\n from m407)\n * fix a typo in initscript (bnc#768772 )\n * copy all shell scripts (bnc#818948)\n\nSecurity Issue references:\n\n * CVE-2012-3544\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544\u003e\n * CVE-2013-1976\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976\u003e\n * CVE-2012-0022\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022\u003e\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp3-tomcat6",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1337-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1337-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151337-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1337-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-August/001523.html"
},
{
"category": "self",
"summary": "SUSE Bug 768772",
"url": "https://bugzilla.suse.com/768772"
},
{
"category": "self",
"summary": "SUSE Bug 804992",
"url": "https://bugzilla.suse.com/804992"
},
{
"category": "self",
"summary": "SUSE Bug 818948",
"url": "https://bugzilla.suse.com/818948"
},
{
"category": "self",
"summary": "SUSE Bug 822177",
"url": "https://bugzilla.suse.com/822177"
},
{
"category": "self",
"summary": "SUSE Bug 831119",
"url": "https://bugzilla.suse.com/831119"
},
{
"category": "self",
"summary": "SUSE Bug 906152",
"url": "https://bugzilla.suse.com/906152"
},
{
"category": "self",
"summary": "SUSE Bug 917127",
"url": "https://bugzilla.suse.com/917127"
},
{
"category": "self",
"summary": "SUSE Bug 918195",
"url": "https://bugzilla.suse.com/918195"
},
{
"category": "self",
"summary": "SUSE Bug 926762",
"url": "https://bugzilla.suse.com/926762"
},
{
"category": "self",
"summary": "SUSE Bug 931442",
"url": "https://bugzilla.suse.com/931442"
},
{
"category": "self",
"summary": "SUSE Bug 932698",
"url": "https://bugzilla.suse.com/932698"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0022 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-3544 page",
"url": "https://www.suse.com/security/cve/CVE-2012-3544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1976 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0227 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0230 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7810 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7810/"
}
],
"title": "Security update for tomcat6",
"tracking": {
"current_release_date": "2013-08-02T13:29:14Z",
"generator": {
"date": "2013-08-02T13:29:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1337-1",
"initial_release_date": "2013-08-02T13:29:14Z",
"revision_history": [
{
"date": "2013-08-02T13:29:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-6.0.18-20.35.42.1.noarch",
"product": {
"name": "tomcat6-6.0.18-20.35.42.1.noarch",
"product_id": "tomcat6-6.0.18-20.35.42.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"product": {
"name": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"product_id": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"product": {
"name": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"product_id": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"product": {
"name": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"product_id": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"product": {
"name": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"product_id": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat6-lib-6.0.18-20.35.42.1.noarch",
"product": {
"name": "tomcat6-lib-6.0.18-20.35.42.1.noarch",
"product_id": "tomcat6-lib-6.0.18-20.35.42.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"product": {
"name": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"product_id": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"product": {
"name": "tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"product_id": "tomcat6-webapps-6.0.18-20.35.42.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:sp3:teradata"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-lib-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3",
"product_id": "SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-lib-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
"product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-lib-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-6.0.18-20.35.42.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
},
"product_reference": "tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-0022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0022"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0022",
"url": "https://www.suse.com/security/cve/CVE-2012-0022"
},
{
"category": "external",
"summary": "SUSE Bug 742477 for CVE-2012-0022",
"url": "https://bugzilla.suse.com/742477"
},
{
"category": "external",
"summary": "SUSE Bug 745056 for CVE-2012-0022",
"url": "https://bugzilla.suse.com/745056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2013-08-02T13:29:14Z",
"details": "moderate"
}
],
"title": "CVE-2012-0022"
},
{
"cve": "CVE-2012-3544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-3544"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-3544",
"url": "https://www.suse.com/security/cve/CVE-2012-3544"
},
{
"category": "external",
"summary": "SUSE Bug 822177 for CVE-2012-3544",
"url": "https://bugzilla.suse.com/822177"
},
{
"category": "external",
"summary": "SUSE Bug 831119 for CVE-2012-3544",
"url": "https://bugzilla.suse.com/831119"
},
{
"category": "external",
"summary": "SUSE Bug 865746 for CVE-2012-3544",
"url": "https://bugzilla.suse.com/865746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2013-08-02T13:29:14Z",
"details": "low"
}
],
"title": "CVE-2012-3544"
},
{
"cve": "CVE-2013-1976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1976"
}
],
"notes": [
{
"category": "general",
"text": "The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1976",
"url": "https://www.suse.com/security/cve/CVE-2013-1976"
},
{
"category": "external",
"summary": "SUSE Bug 822177 for CVE-2013-1976",
"url": "https://bugzilla.suse.com/822177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2013-08-02T13:29:14Z",
"details": "moderate"
}
],
"title": "CVE-2013-1976"
},
{
"cve": "CVE-2014-0227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0227"
}
],
"notes": [
{
"category": "general",
"text": "java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0227",
"url": "https://www.suse.com/security/cve/CVE-2014-0227"
},
{
"category": "external",
"summary": "SUSE Bug 917127 for CVE-2014-0227",
"url": "https://bugzilla.suse.com/917127"
},
{
"category": "external",
"summary": "SUSE Bug 926762 for CVE-2014-0227",
"url": "https://bugzilla.suse.com/926762"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2014-0227",
"url": "https://bugzilla.suse.com/988489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2013-08-02T13:29:14Z",
"details": "moderate"
}
],
"title": "CVE-2014-0227"
},
{
"cve": "CVE-2014-0230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0230"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0230",
"url": "https://www.suse.com/security/cve/CVE-2014-0230"
},
{
"category": "external",
"summary": "SUSE Bug 926762 for CVE-2014-0230",
"url": "https://bugzilla.suse.com/926762"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2014-0230",
"url": "https://bugzilla.suse.com/988489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2013-08-02T13:29:14Z",
"details": "important"
}
],
"title": "CVE-2014-0230"
},
{
"cve": "CVE-2014-7810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7810"
}
],
"notes": [
{
"category": "general",
"text": "The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7810",
"url": "https://www.suse.com/security/cve/CVE-2014-7810"
},
{
"category": "external",
"summary": "SUSE Bug 931442 for CVE-2014-7810",
"url": "https://bugzilla.suse.com/931442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.42.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.18-20.35.42.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2013-08-02T13:29:14Z",
"details": "moderate"
}
],
"title": "CVE-2014-7810"
}
]
}
gsd-2012-3544
Vulnerability from gsd
{
"GSD": {
"alias": "CVE-2012-3544",
"description": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"id": "GSD-2012-3544",
"references": [
"https://www.suse.com/security/cve/CVE-2012-3544.html",
"https://www.debian.org/security/2013/dsa-2725",
"https://access.redhat.com/errata/RHSA-2013:1013",
"https://access.redhat.com/errata/RHSA-2013:1012",
"https://access.redhat.com/errata/RHSA-2013:1011",
"https://advisories.mageia.org/CVE-2012-3544.html",
"https://alas.aws.amazon.com/cve/html/CVE-2012-3544.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-3544"
],
"details": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.",
"id": "GSD-2012-3544",
"modified": "2023-12-13T01:20:21.249265Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702"
},
{
"name": "59797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59797"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592"
},
{
"name": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html"
},
{
"name": "USN-1841-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1841-1"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3544"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1476592"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378921"
},
{
"name": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592\u0026r2=1476591\u0026pathrev=1476592"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1378702"
},
{
"name": "USN-1841-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-1841-1"
},
{
"name": "20130510 [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html"
},
{
"name": "64758",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "59797",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/59797"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2019-04-15T16:29Z",
"publishedDate": "2013-06-01T14:21Z"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.